AWS Organizations Changes Alarm
More Info:
Amazon Organizations changes should be monitored using AWS CloudWatch alarms.
Risk Level: Low
Address: Security
Compliance Standards: HIPAA, HITRUST, CISAWS, CBP
Triage and Remediation
Remediation
The AWS Organizations Changes Alarm is triggered when there is a change in the AWS Organizations structure, such as adding or removing accounts, or changing the root email address. To remediate this misconfiguration, you can follow these steps:
- Log in to your AWS Management Console.
- Navigate to the CloudWatch service.
- Click on “Alarms” in the left-hand menu.
- Find the “AWS Organizations Changes Alarm” in the list of alarms.
- Click on the alarm to view its details.
- Click on the “Actions” dropdown menu and select “Disable Alarm Actions”.
- Click “Save” to disable the alarm.
This will stop the alarm from being triggered when there is a change in the AWS Organizations structure. However, it is important to regularly review and update your AWS Organizations structure to ensure that it is properly configured and secure.
The AWS Organizations Changes Alarm is triggered when there are changes made to the AWS Organizations service. To remediate this issue, you can follow the below steps using AWS CLI:
- Log in to your AWS account using AWS CLI.
- Run the following command to create an SNS topic that will be used to send notifications when the alarm is triggered:
    aws sns create-topic --name <topic-name>
- Run the following command to create a new CloudWatch alarm:
    aws cloudwatch put-metric-alarm --alarm-name <alarm-name> --alarm-description "AWS Organizations Changes Alarm" --metric-name Organizations --namespace AWS/Organizations --statistic Sum --period 300 --evaluation-periods 1 --threshold 1 --comparison-operator GreaterThanOrEqualToThreshold --dimensions Name=Operation,Value=All --alarm-actions <sns-topic-arn>
  Replace <alarm-name> with a name of your choice and <sns-topic-arn> with the ARN of the SNS topic created in step 2.
- Verify that the alarm has been created successfully by running the following command:
    aws cloudwatch describe-alarms --alarm-names <alarm-name>
  This should return the details of the alarm that you just created.
- Finally, you can test the alarm by making a change to your AWS Organizations service. If the alarm is triggered, you should receive a notification via the SNS topic created in step 2.
By following these steps, you can remediate the AWS Organizations Changes Alarm issue using AWS CLI.
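Organizations API calls are recorded by CloudTrail rather than exposed as a built-in CloudWatch metric, so the usual way to make an alarm like the one above fire is a CloudWatch Logs metric filter on the CloudTrail log group (the approach the CIS AWS Foundations Benchmark takes for Organizations changes), with the alarm placed on the resulting custom metric. Note that the console procedure earlier disables the alarm's actions, which silences the alarm, whereas the CLI steps create one. The following is an added example and not code from the original page: it builds that filter pattern, shows offline which constructed CloudTrail records would count toward the metric, and returns the put-metric-alarm parameters. The metric name, namespace, filter name and the deploy() helper are assumptions; only deploy() talks to AWS.

```python
"""
Added example (not from the original page): alarm on AWS Organizations changes
via a CloudWatch Logs metric filter on the CloudTrail log group. Everything
except deploy() runs offline; deploy() needs boto3 and AWS credentials.
"""

# Organizations API actions that change the organization's structure or policies.
ORG_CHANGE_EVENTS = (
    "AcceptHandshake", "AttachPolicy", "CreateAccount", "CreateOrganizationalUnit",
    "CreatePolicy", "DeclineHandshake", "DeleteOrganization",
    "DeleteOrganizationalUnit", "DeletePolicy", "DetachPolicy",
    "DisablePolicyType", "EnablePolicyType", "InviteAccountToOrganization",
    "LeaveOrganization", "MoveAccount", "RemoveAccountFromOrganization",
    "UpdatePolicy", "UpdateOrganizationalUnit",
)
METRIC_NAME = "OrganizationsChanges"     # assumed custom metric name
METRIC_NAMESPACE = "CloudTrailMetrics"   # assumed custom namespace


def filter_pattern() -> str:
    """CloudWatch Logs filter pattern: Organizations events whose action is a change."""
    names = " || ".join(f'($.eventName = "{n}")' for n in ORG_CHANGE_EVENTS)
    return f"{{ ($.eventSource = organizations.amazonaws.com) && ({names}) }}"


def is_org_change(record: dict) -> bool:
    """Offline equivalent of the filter pattern, applied to one CloudTrail record."""
    return (record.get("eventSource") == "organizations.amazonaws.com"
            and record.get("eventName") in ORG_CHANGE_EVENTS)


def count_org_changes(records) -> int:
    """What the custom metric would sum to for a batch of CloudTrail records."""
    return sum(1 for r in records if is_org_change(r))


def alarm_params(alarm_name: str, topic_arn: str) -> dict:
    """Keyword arguments for cloudwatch.put_metric_alarm: fire on the first change."""
    return {
        "AlarmName": alarm_name,
        "AlarmDescription": "AWS Organizations Changes Alarm",
        "MetricName": METRIC_NAME,
        "Namespace": METRIC_NAMESPACE,
        "Statistic": "Sum",
        "Period": 300,
        "EvaluationPeriods": 1,
        "Threshold": 1,
        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
        "TreatMissingData": "notBreaching",  # a period with no events is normal
        "AlarmActions": [topic_arn],
    }


def deploy(log_group_name: str, alarm_name: str, topic_arn: str) -> None:
    """Create the metric filter and the alarm (needs credentials; not run offline)."""
    import boto3  # imported here so the pure helpers above work without boto3
    logs = boto3.client("logs")
    logs.put_metric_filter(
        logGroupName=log_group_name,         # the CloudTrail log group
        filterName="OrganizationsChanges",   # assumed filter name
        filterPattern=filter_pattern(),
        metricTransformations=[{
            "metricName": METRIC_NAME,
            "metricNamespace": METRIC_NAMESPACE,
            "metricValue": "1",
        }],
    )
    boto3.client("cloudwatch").put_metric_alarm(**alarm_params(alarm_name, topic_arn))


# Constructed sample CloudTrail records (not real log data).
SAMPLE_RECORDS = [
    {"eventSource": "organizations.amazonaws.com", "eventName": "CreateAccount"},
    {"eventSource": "organizations.amazonaws.com", "eventName": "DescribeOrganization"},
    {"eventSource": "organizations.amazonaws.com", "eventName": "LeaveOrganization"},
    {"eventSource": "s3.amazonaws.com", "eventName": "CreateBucket"},
]

if __name__ == "__main__":
    print(filter_pattern())
    print("changes in sample:", count_org_changes(SAMPLE_RECORDS))  # 2
```

Read-only calls such as DescribeOrganization are deliberately excluded from the pattern, so routine inventory tooling does not trip the alarm; only the mutating actions count.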
The AWS Organizations Changes Alarm is triggered when there are changes made to the AWS Organizations service. To remediate this issue using Python, you can follow these steps:
- Create an SNS topic: You can create an SNS topic using the AWS SDK for Python (boto3). This topic will be used to send notifications whenever there is a change in the AWS Organizations service.
    import boto3

    sns = boto3.client('sns')
    # Creates the topic (or returns the existing one); its ARN is reused by the later steps.
    response = sns.create_topic(Name='organizations-changes')
    topic_arn = response['TopicArn']
- Create a CloudWatch Events rule: You can create a CloudWatch Events rule to monitor changes to the AWS Organizations service. This rule will trigger an AWS Lambda function whenever there is a change.
    import boto3

    # AWS Organizations is a global service; CloudTrail delivers its API events
    # to EventBridge in us-east-1, so the rule must be created in that region.
    events = boto3.client('events', region_name='us-east-1')
    # Match every event that CloudTrail reports for the Organizations service.
    response = events.put_rule(
        Name='organizations-changes',
        EventPattern='{"source": ["aws.organizations"]}',
    )
    rule_arn = response['RuleArn']
- Create an AWS Lambda function: You can create an AWS Lambda function using the AWS SDK for Python (boto3). This function will be triggered by the CloudWatch Events rule and will send a notification to the SNS topic.
    import boto3

    # Same region as the rule, since a rule can only target functions in its own region.
    lambda_client = boto3.client('lambda', region_name='us-east-1')
    response = lambda_client.create_function(
        FunctionName='organizations-changes',
        Runtime='python3.7',  # retired runtime; pick a currently supported Python runtime when deploying
        # Execution role: needs sns:Publish on the topic plus the basic Lambda logging permissions.
        Role='arn:aws:iam::123456789012:role/lambda-role',
        Handler='lambda_function.lambda_handler',
        Code={
            # Placeholder: must be the bytes of a .zip archive containing lambda_function.py
            'ZipFile': b'bytes',
        },
        Environment={
            'Variables': {
                'SNS_TOPIC_ARN': topic_arn,
            }
        },
    )
    function_arn = response['FunctionArn']
- Add permissions to the Lambda function: The CloudWatch Events rule needs permission to invoke the Lambda function, and the function must be attached as the rule's target. The function's right to publish to the SNS topic comes from its execution role, which must allow sns:Publish on the topic.
    import boto3

    lambda_client = boto3.client('lambda', region_name='us-east-1')
    events = boto3.client('events', region_name='us-east-1')
    # Resource policy on the function: allow the Events rule (the service that invokes it) to call it.
    response = lambda_client.add_permission(
        FunctionName='organizations-changes',
        StatementId='events-invoke',
        Action='lambda:InvokeFunction',
        Principal='events.amazonaws.com',
        SourceArn=rule_arn,
    )
    # Attach the function as the rule's target so matching Organizations events reach it.
    events.put_targets(
        Rule='organizations-changes',
        Targets=[{'Id': 'organizations-changes-lambda', 'Arn': function_arn}],
    )
- Create a CloudWatch alarm: You can create a CloudWatch alarm to monitor the SNS topic. This alarm will be triggered whenever a message is published to the SNS topic.
    import boto3

    cloudwatch = boto3.client('cloudwatch')
    response = cloudwatch.put_metric_alarm(
        AlarmName='organizations-changes',
        # The alarm notifies the same topic it watches, so it stays in ALARM for one
        # extra period after its own notification is counted.
        AlarmActions=[topic_arn],
        MetricName='NumberOfMessagesPublished',
        Namespace='AWS/SNS',
        # Without the TopicName dimension the alarm would not match the topic's metric.
        Dimensions=[{'Name': 'TopicName', 'Value': 'organizations-changes'}],
        Statistic='Sum',
        Period=60,
        EvaluationPeriods=1,
        Threshold=1,
        ComparisonOperator='GreaterThanOrEqualToThreshold',
        TreatMissingData='notBreaching',  # quiet minutes have no data points; treat them as OK
    )
These steps will help you remediate the AWS Organizations Changes Alarm issue using Python.
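The create_function step uploads a zip whose contents the page does not show. The handler below is an added example and not the page's own code: it is what lambda_function.lambda_handler could look like for the pipeline above (EventBridge rule on aws.organizations, notification to the topic named in SNS_TOPIC_ARN). It assumes the "AWS API Call via CloudTrail" event envelope that EventBridge delivers; summarize_org_event, build_message, FakeSNS, run_sample and the sample event are constructed here so the handler can be exercised offline.

```python
"""
Added example (not from the original page): Lambda handler that turns an
Organizations CloudTrail event from EventBridge into an SNS notification.
The sns_client parameter exists so a test double can replace boto3 offline.
"""
import json
import os


def summarize_org_event(event: dict) -> dict:
    """Pull the fields a responder needs out of an EventBridge/CloudTrail event."""
    detail = event.get("detail", {})
    identity = detail.get("userIdentity", {})
    return {
        "action": detail.get("eventName", "unknown"),
        "time": detail.get("eventTime", event.get("time", "")),
        "actor": identity.get("arn", identity.get("principalId", "unknown")),
        "source_ip": detail.get("sourceIPAddress", ""),
        "parameters": detail.get("requestParameters") or {},
        "error": detail.get("errorCode", ""),   # denied attempts are worth seeing too
    }


def build_message(event: dict):
    """Subject and body for the SNS notification."""
    s = summarize_org_event(event)
    subject = f"AWS Organizations change: {s['action']}"
    if s["error"]:
        subject += " (failed)"
    body = json.dumps(s, indent=2, sort_keys=True)
    return subject, body


def lambda_handler(event, context, sns_client=None):
    """Entry point configured as lambda_function.lambda_handler."""
    if sns_client is None:
        import boto3  # present in the Lambda runtime; imported lazily for offline use
        sns_client = boto3.client("sns")
    subject, body = build_message(event)
    sns_client.publish(
        TopicArn=os.environ["SNS_TOPIC_ARN"],
        Subject=subject[:100],   # SNS caps the subject at 100 characters
        Message=body,
    )
    return {"subject": subject}


class FakeSNS:
    """Records publish() calls instead of talking to AWS (test double)."""
    def __init__(self):
        self.published = []

    def publish(self, **kwargs):
        self.published.append(kwargs)
        return {"MessageId": "fake"}


# Constructed sample event in the EventBridge/CloudTrail envelope (not real data).
SAMPLE_EVENT = {
    "source": "aws.organizations",
    "detail-type": "AWS API Call via CloudTrail",
    "detail": {
        "eventSource": "organizations.amazonaws.com",
        "eventName": "RemoveAccountFromOrganization",
        "eventTime": "2024-01-01T00:00:00Z",
        "sourceIPAddress": "203.0.113.10",
        "userIdentity": {"arn": "arn:aws:iam::123456789012:user/example-admin"},
        "requestParameters": {"accountId": "111122223333"},
    },
}


def run_sample() -> dict:
    """Run the handler on the sample with the fake client; return what was published."""
    os.environ.setdefault("SNS_TOPIC_ARN",
                          "arn:aws:sns:us-east-1:123456789012:organizations-changes")
    fake = FakeSNS()
    lambda_handler(SAMPLE_EVENT, None, sns_client=fake)
    return fake.published[0]


if __name__ == "__main__":
    print(json.dumps(run_sample(), indent=2))
```

Keeping the summary logic in summarize_org_event separate from the publish call is what makes the handler testable without credentials; the same split lets the message format be tuned (for example, to include the affected account id in the subject) without touching the SNS plumbing.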