This rule ensures the presence of a log metric filter and alarm for CloudTrail configuration changes.
| Rule | Ensure a log metric filter and alarm exist for CloudTrail configuration changes |
| Framework | cis_v130 |
| Severity | ✔ Low |
Rule Description:
This rule ensures that a log metric filter and alarm are configured for monitoring CloudTrail configuration changes according to the CIS (Center for Internet Security) benchmark version 1.3.0 (cis_v130).
Troubleshooting Steps (if applicable):
If the log metric filter and alarm for CloudTrail configuration changes are missing or not properly configured, follow these troubleshooting steps:
Necessary Codes (if applicable):
This rule requires no specific code. However, you may need to use AWS CLI commands or CloudFormation templates, depending on the remediation steps mentioned below.
Remediation Steps:
Follow these step-by-step instructions to remediate the rule if it is flagged as non-compliant:
{($.eventName = "UpdateTrail") || ($.eventName = "CreateTrail") || ($.eventName = "DeleteTrail")}
Once the above steps are completed, a log metric filter and alarm will be in place to monitor CloudTrail configuration changes as per the CIS benchmark (cis_v130). Any subsequent changes to the CloudTrail configuration will trigger the alarm, allowing you to take necessary actions to mitigate potential security risks.
Note: Remember to periodically review and update the alarm settings as needed to align with your organization's security requirements and compliance standards.
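One way to verify the result, added here as an example and not part of the original rule text: the check walks the chain from trail to log group to metric filter to alarm over data shaped like the output of `describe-trails`, `describe-metric-filters` and `describe-alarms`. All names, ARNs and the account id are constructed placeholders; `required` defaults to the three events in the pattern above, and since the CIS 1.3.0 benchmark text also lists `StartLogging` and `StopLogging`, those can be passed in.

```python
import re

# Event names taken from the filter pattern on this page.
PAGE_EVENTS = ("UpdateTrail", "CreateTrail", "DeleteTrail")

def pattern_event_names(filter_pattern):
    """Event names the pattern tests with '=' (boolean structure is not parsed)."""
    return set(re.findall(r'\$\.eventName\s*=\s*"?(\w+)"?', filter_pattern))

def audit(trails, metric_filters, alarms, required=PAGE_EVENTS):
    """Follow trail -> log group -> metric filter -> alarm; return (ok, findings)."""
    findings = []
    for trail in trails:
        arn = trail.get("CloudWatchLogsLogGroupArn")
        if not arn:
            findings.append(f"{trail['Name']}: not delivering to CloudWatch Logs")
            continue
        # ARN form: arn:aws:logs:<region>:<account>:log-group:<name>:*
        group = arn.split(":log-group:")[1].split(":")[0]
        for mf in (f for f in metric_filters if f["logGroupName"] == group):
            missing = set(required) - pattern_event_names(mf["filterPattern"])
            if missing:
                findings.append(f"{mf['filterName']}: pattern lacks {sorted(missing)}")
                continue
            metrics = {(t["metricNamespace"], t["metricName"])
                       for t in mf["metricTransformations"]}
            for alarm in alarms:
                if (alarm["Namespace"], alarm["MetricName"]) not in metrics:
                    continue
                if alarm.get("AlarmActions"):
                    return True, findings  # complete chain with a notification target
                findings.append(f"{alarm['AlarmName']}: no alarm action configured")
    return False, findings

# Constructed sample data shaped like describe-trails, describe-metric-filters
# and describe-alarms output; every name, account id and ARN is a placeholder.
TRAILS = [{"Name": "example-trail", "CloudWatchLogsLogGroupArn":
           "arn:aws:logs:us-east-1:111122223333:log-group:example-cloudtrail:*"}]
FILTERS = [{"filterName": "example-trail-changes", "logGroupName": "example-cloudtrail",
            "filterPattern": '{($.eventName = "UpdateTrail") || ($.eventName = '
                             '"CreateTrail") || ($.eventName = "DeleteTrail")}',
            "metricTransformations": [{"metricNamespace": "ExampleCIS",
                                       "metricName": "TrailChanges"}]}]
ALARMS = [{"AlarmName": "example-trail-changes-alarm", "Namespace": "ExampleCIS",
           "MetricName": "TrailChanges",
           "AlarmActions": ["arn:aws:sns:us-east-1:111122223333:example-topic"]}]

if __name__ == "__main__":
    print(audit(TRAILS, FILTERS, ALARMS))
```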