top of page

CloudWatch.4

Ensure a log metric filter and alarm exist for IAM policy changes

Severity

Cloud Platforms

Resources

Related Standards

Automated

LOW

AWS

Amazon CloudWatch

AWS CIS Foundations v1.2 & v1.4, CIS v8, CDR, ISO27001, SOC2, NIST CSF,

YES

Real-time monitoring of API calls can be achieved by directing CloudTrail Logs to CloudWatch Logs and establishing corresponding metric filters and alarms. It is recommended that a metric filter and alarm be established changes made to Identity and Access Management (IAM) policies.

6pl org white ai logo.png

(C) Copyright 2023 6PILLARS CLOUD AUTOMATION PTY LTD

bottom of page