This rule ensures that a log metric filter and alarm exist for AWS Management Console sign-in without MFA.
Rule | Ensure a log metric filter and alarm exist for Management Console sign-in without MFA |
Framework | cis_v130 |
Severity | Low |
Rule Description
This rule (CIS v1.3.0, cis_v130) requires that a log metric filter and alarm exist for Management Console sign-in without Multi-Factor Authentication (MFA). It enhances the security of your AWS environment by ensuring that every console sign-in that does not use MFA is detected and raises an alert.
Remediation Steps
To remediate this rule, create a log metric filter and an alarm that together raise an alert whenever someone signs in to the Management Console without MFA.
1. Create a Log Metric Filter
Create a CloudWatch Logs metric filter on the log group that receives your CloudTrail events, using the following filter pattern:
{ ($.eventName = ConsoleLogin) && ($.additionalEventData.MFAUsed != "Yes") }
2. Create an Alarm
Create a CloudWatch alarm on the metric published by that filter so that any matching sign-in event triggers a notification.
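As an added illustration (not part of the rule page), the following Python mirrors the filter pattern above and evaluates it against a few constructed CloudTrail events; the stricter variant it also shows is an assumption of this example rather than benchmark text, added because federated sign-ins match the plain pattern even when MFA was enforced at the identity provider:

```python
from typing import Dict, List, Tuple

# Filter pattern quoted from the rule, as passed to CloudWatch Logs put-metric-filter.
FILTER_PATTERN = '{ ($.eventName = ConsoleLogin) && ($.additionalEventData.MFAUsed != "Yes") }'


def matches_cis_pattern(event: Dict) -> bool:
    """Python equivalent of FILTER_PATTERN for one CloudTrail event."""
    mfa_used = event.get("additionalEventData", {}).get("MFAUsed")
    return event.get("eventName") == "ConsoleLogin" and mfa_used != "Yes"


def matches_strict_pattern(event: Dict) -> bool:
    """Added, tighter variant (not from the rule page): only successful
    sign-ins by IAM users. Federated sessions (userIdentity.type AssumedRole)
    report MFAUsed = "No" because any MFA was enforced by the IdP, so the
    CIS pattern alone fires on every federated console sign-in."""
    return (
        matches_cis_pattern(event)
        and event.get("userIdentity", {}).get("type") == "IAMUser"
        and event.get("responseElements", {}).get("ConsoleLogin") == "Success"
    )


def triage(events: List[Dict]) -> List[Tuple[str, bool, bool]]:
    """Return (principal ARN, matches CIS pattern, matches strict pattern) per event."""
    return [
        (ev.get("userIdentity", {}).get("arn", "<unknown>"),
         matches_cis_pattern(ev), matches_strict_pattern(ev))
        for ev in events
    ]


# Constructed sample events (not real CloudTrail output), trimmed to the fields the filters read.
ACCT = "111111111111"
SAMPLE_EVENTS = [
    {"eventName": "ConsoleLogin", "userIdentity": {"type": "IAMUser", "arn": f"arn:aws:iam::{ACCT}:user/alice"},
     "additionalEventData": {"MFAUsed": "Yes"}, "responseElements": {"ConsoleLogin": "Success"}},
    {"eventName": "ConsoleLogin", "userIdentity": {"type": "IAMUser", "arn": f"arn:aws:iam::{ACCT}:user/bob"},
     "additionalEventData": {"MFAUsed": "No"}, "responseElements": {"ConsoleLogin": "Success"}},
    {"eventName": "ConsoleLogin", "userIdentity": {"type": "AssumedRole", "arn": f"arn:aws:sts::{ACCT}:assumed-role/Admin/carol"},
     "additionalEventData": {"MFAUsed": "No"}, "responseElements": {"ConsoleLogin": "Success"}},
    {"eventName": "ConsoleLogin", "userIdentity": {"type": "IAMUser", "arn": f"arn:aws:iam::{ACCT}:user/dave"},
     "additionalEventData": {"MFAUsed": "No"}, "responseElements": {"ConsoleLogin": "Failure"}},
    {"eventName": "GetSessionToken", "userIdentity": {"type": "IAMUser", "arn": f"arn:aws:iam::{ACCT}:user/erin"}},
]

if __name__ == "__main__":
    for who, cis, strict in triage(SAMPLE_EVENTS):
        print(f"{who:60} cis_match={cis} strict_match={strict}")
```

Running it shows that the CIS pattern flags the federated session and the failed sign-in alongside the genuine IAM-user sign-in without MFA, which is the noise to expect when tuning the alarm.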
Troubleshooting
If you encounter issues while creating the log metric filter and alarm, check the following:
- Confirm that the IAM identity you are using has the cloudwatch:PutMetricFilter and cloudwatch:PutMetricAlarm permissions.
- Confirm that the filter pattern is entered exactly as { ($.eventName = ConsoleLogin) && ($.additionalEventData.MFAUsed != "Yes") }; a mistyped field name or missing quotes means the filter never matches an event and the alarm never fires.
By following these steps and troubleshooting tips, you can ensure that a log metric filter and alarm exist for Management Console sign-in without MFA as required by cis_v130, thus enhancing the security of your AWS environment.