AWS Misconfigurations
CloudWatch Audit
Checks Performed
- Authorization Failures Alarm
- AWS Config Changes Alarm
- CloudTrail Changes Alarm
- CloudWatch Log Group Should Be Encrypted
- CloudWatch Log Groups Should Be Encrypted With CMK
- CMK Disabled or Scheduled for Deletion Alarm
- Console Sign-in Failures Alarm
- AWS Console Sign In Without MFA Should Be Monitored
- Resource Policy Attachment In Custom EventBus
- Resource Policy Attachment In Custom Schema Registry
- CloudWatch Log Group Retention Period Should Be Reviewed
- EC2 Instance Changes Alarm
- EventBus Should Not Allow Cross Account Access
- Event Bus Should Not Be Exposed
- AWS CloudWatch Events Should Be Used
- FMS Shield Resource Policy Should Be Enabled
- FMS Web ACL Should Have Rule Group Association
- Global Endpoint Event Replication Enabled
- IAM Policy Changes Alarm
- Internet Gateway Changes Alarm
- Metric Filter for VPC Flow Logs CloudWatch Log Group
- Network ACL Changes Alarm
- AWS Organizations Changes Alarm
- Root Account Usage Alarm
- Route Table Changes Alarm
- S3 Bucket Changes Alarm
- Security Group Changes Alarm
- VPC Changes Alarm
- CloudWatch Alarm for VPC Flow Logs Metric Filter
- WAF Global Rule Groups Should Not Be Empty
- WAF Global Rules Should Not Be Empty
- WAF Global Web ACL Rules Should Not Be Empty
- WAFv2 WebACL Rule Group Logging Should Be Enabled
- WAF Regional Rule Groups Should Not Be Empty
- WAF Regional Rules Should Not Be Empty
- WAF Regional Web ACL Should Not Be Empty
- WAFv2 WebACL Should Contain Rule Group Or Groups
- WAF V2 Rule Groups Should Not Be Empty
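Most of the "... Changes Alarm" entries above are the CIS AWS Foundations Benchmark monitoring controls: a CloudTrail log group must carry a metric filter whose pattern matches the relevant events, and a CloudWatch alarm with at least one action (typically an SNS topic) must sit on the metric that filter emits. The log-group entries check for an associated KMS key and an explicit retention period. The following script is an added example, not code from the original page or from the audit tool it describes. It evaluates a handful of the listed checks offline against constructed data shaped like the `describe-log-groups`, `describe-metric-filters` and `describe-alarms` API responses; the account ID, key ID and SNS topic are placeholders, and the token lists used to recognise each metric filter pattern are an assumption based on the CIS patterns (a real tool may match the pattern text more strictly).

```python
"""Offline evaluation of several CloudWatch audit checks from the list above.

Added example, not the audit tool's own code. The sample data is constructed
to look like boto3/aws-cli responses; nothing here is taken from a real account.
"""

# Tokens a CloudTrail metric filter pattern must contain to satisfy each check.
# Assumption: derived from the CIS Foundations Benchmark patterns; loose token
# matching is used so minor pattern variations still count.
ALARM_CHECKS = {
    "Root Account Usage Alarm": ("$.userIdentity.type", "Root"),
    "Authorization Failures Alarm": ("UnauthorizedOperation", "AccessDenied"),
    "Console Sign-in Failures Alarm": ("ConsoleLogin", "Failed authentication"),
    "AWS Console Sign In Without MFA Should Be Monitored": ("ConsoleLogin", "MFAUsed"),
    "CloudTrail Changes Alarm": ("CreateTrail", "StopLogging"),
    "Security Group Changes Alarm": ("AuthorizeSecurityGroupIngress", "RevokeSecurityGroupEgress"),
}


def pattern_covers(pattern: str, tokens) -> bool:
    """True if every required token appears in the filter pattern text."""
    return all(token in pattern for token in tokens)


def alarmed_metrics(alarms):
    """(namespace, metric) pairs that have an alarm with at least one action.

    An alarm with no action never notifies anyone, so it does not count as
    monitoring; this is the failure mode most audits miss.
    """
    return {
        (alarm["Namespace"], alarm["MetricName"])
        for alarm in alarms
        if alarm.get("AlarmActions")
    }


def audit_alarms(metric_filters, alarms):
    """Return {check name: "PASS"|"FAIL"} for the metric-filter + alarm checks."""
    covered = alarmed_metrics(alarms)
    results = {}
    for check, tokens in ALARM_CHECKS.items():
        satisfied = False
        for mf in metric_filters:
            if not pattern_covers(mf.get("filterPattern", ""), tokens):
                continue
            for mt in mf.get("metricTransformations", []):
                if (mt["metricNamespace"], mt["metricName"]) in covered:
                    satisfied = True
        results[check] = "PASS" if satisfied else "FAIL"
    return results


def audit_log_groups(log_groups):
    """Return (check, log group name, status) tuples for the log-group checks.

    `kmsKeyId` is only present when a customer-managed KMS key is associated;
    a missing `retentionInDays` means the group never expires its events.
    """
    findings = []
    for lg in log_groups:
        name = lg["logGroupName"]
        findings.append(("CloudWatch Log Group Should Be Encrypted", name,
                         "PASS" if lg.get("kmsKeyId") else "FAIL"))
        findings.append(("CloudWatch Log Group Retention Period Should Be Reviewed", name,
                         "PASS" if lg.get("retentionInDays") else "FAIL"))
    return findings


# Constructed sample data (placeholder account, key and topic identifiers).
SAMPLE_LOG_GROUPS = [
    {"logGroupName": "CloudTrail/DefaultLogGroup",
     "kmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/example-key-id",
     "retentionInDays": 365},
    {"logGroupName": "/aws/lambda/example-function"},  # no key, never expires
]

SAMPLE_METRIC_FILTERS = [
    {"filterName": "RootUsage", "logGroupName": "CloudTrail/DefaultLogGroup",
     "filterPattern": '{ $.userIdentity.type = "Root" && $.userIdentity.invokedBy NOT EXISTS '
                      '&& $.eventType != "AwsServiceEvent" }',
     "metricTransformations": [{"metricName": "RootUsageCount",
                                "metricNamespace": "CISBenchmark", "metricValue": "1"}]},
    {"filterName": "UnauthorizedAPICalls", "logGroupName": "CloudTrail/DefaultLogGroup",
     "filterPattern": '{ ($.errorCode = "*UnauthorizedOperation") || ($.errorCode = "AccessDenied*") }',
     "metricTransformations": [{"metricName": "UnauthorizedAPICallsCount",
                                "metricNamespace": "CISBenchmark", "metricValue": "1"}]},
]

SAMPLE_ALARMS = [
    {"AlarmName": "CIS-RootUsage", "Namespace": "CISBenchmark", "MetricName": "RootUsageCount",
     "AlarmActions": ["arn:aws:sns:us-east-1:111122223333:security-alerts"]},
    # Filter and alarm exist, but the alarm has no action: nobody is notified.
    {"AlarmName": "CIS-UnauthorizedAPICalls", "Namespace": "CISBenchmark",
     "MetricName": "UnauthorizedAPICallsCount", "AlarmActions": []},
]


if __name__ == "__main__":
    for check, status in audit_alarms(SAMPLE_METRIC_FILTERS, SAMPLE_ALARMS).items():
        print(f"{status}  {check}")
    for check, name, status in audit_log_groups(SAMPLE_LOG_GROUPS):
        print(f"{status}  {check}: {name}")
```

With the sample data only the root-usage check passes: the unauthorized-API-call filter is present but its alarm has an empty action list, which the script treats as unmonitored. Against a live account the same functions can be fed the paginated output of `logs.describe_log_groups`, `logs.describe_metric_filters` and `cloudwatch.describe_alarms` from boto3; note that the "Encrypted With CMK" variant of the encryption check would additionally need `kms:DescribeKey` to confirm who manages the associated key.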