AWS CloudWatch
About
Monitor and audit CloudWatch to ensure that security, availability, and reliability are not compromised.
Security
AWS CloudWatch Events In Use
Ensure CloudWatch Events is in use to help you respond to operational changes within your AWS resources.
AWS Config Changes Alarm
Ensure AWS Config configuration changes are being monitored using CloudWatch alarms.
AWS Console Sign In Without MFA
Monitor for AWS Console sign-in requests made without MFA.
AWS Organizations Changes Alarm
Ensure AWS Organizations changes are being monitored using CloudWatch alarms.
Authorization Failures Alarm
Ensure any unauthorized API calls made within your AWS account are being monitored using CloudWatch alarms.
CMK Disabled or Scheduled for Deletion Alarm
Ensure AWS KMS customer master keys (CMKs) that are disabled or scheduled for deletion are being monitored using CloudWatch alarms.
CloudTrail Changes Alarm
Ensure all AWS CloudTrail configuration changes are being monitored using CloudWatch alarms.
Console Sign-in Failures Alarm
Ensure your AWS Console authentication process is being monitored using CloudWatch alarms.
EC2 Instance Changes Alarm
Ensure AWS EC2 instance changes are being monitored using CloudWatch alarms.
EC2 Large Instance Changes Alarm
Ensure AWS EC2 large instance changes are being monitored using CloudWatch alarms.
IAM Policy Changes Alarm
Ensure AWS IAM policy configuration changes are being monitored using CloudWatch alarms.
Internet Gateway Changes Alarm
Ensure AWS VPC customer gateway and internet gateway configuration changes are being monitored using CloudWatch alarms.
Network ACL Changes Alarm
Ensure AWS network ACL configuration changes are being monitored using CloudWatch alarms.
Root Account Usage Alarm
Ensure Root Account Usage is being monitored using CloudWatch alarms.
Route Table Changes Alarm
Ensure AWS route table configuration changes are being monitored using CloudWatch alarms.
S3 Bucket Changes Alarm
Ensure AWS S3 bucket configuration changes are being monitored using CloudWatch alarms.
Security Group Changes Alarm
Ensure AWS security group configuration changes are being monitored using CloudWatch alarms.
VPC Changes Alarm
Ensure AWS VPC configuration changes are being monitored using CloudWatch alarms.
Event Bus Exposed
Ensure that your AWS CloudWatch event bus is not exposed to everyone (that is, its resource policy does not grant access to all AWS principals).
EventBus Cross Account Access
Ensure that AWS CloudWatch event buses do not allow unknown cross-account access for delivery of events.
Create CloudWatch Alarm for VPC Flow Logs Metric Filter
Ensure that a CloudWatch alarm is created for the VPC Flow Logs metric filter and an alarm action is configured.
Metric Filter for VPC Flow Logs CloudWatch Log Group
Ensure that a log metric filter is created for the CloudWatch log group assigned to VPC Flow Logs.
Sources
https://www.cloudanix.com/recipelist/aws/cloudwatchmonitoring