Enable CloudWatch Alarm Action Rule

This rule ensures that CloudWatch alarm actions are enabled so that system and information integrity can be monitored effectively.

Rule: CloudWatch alarm action should be enabled
Framework: FedRAMP Moderate Revision 4
Severity: High

Ensuring CloudWatch Alarm Actions are Enabled for FedRAMP Moderate Revision 4

Overview

FedRAMP (Federal Risk and Authorization Management Program) Moderate Revision 4 encompasses a set of security controls designed for cloud services used by the US federal government. The controls aim to safeguard and manage risk in the federal cloud computing landscape. One applicable security control mandates that monitoring systems, like AWS CloudWatch, should have alarm actions enabled to notify administrators of potential security concerns or operational issues promptly.

Rule Details

The specific rule in question requires that AWS CloudWatch alarms be configured with corresponding actions. These actions can include notifications sent to an SNS topic, auto-scaling policy execution, or EC2 instance reboot/termination. The key purpose is to ensure that in case of any anomalous behavior or predefined thresholds being breached, stakeholders are immediately alerted, and where appropriate, automated remediation is triggered.

Troubleshooting Steps

If the CloudWatch alarm action is not enabled, follow these steps to resolve the issue:

Step 1: Verify CloudWatch Alarm Configuration

  • Navigate to the AWS Management Console.
  • Open the CloudWatch service.
  • In the left-hand menu, select 'Alarms'.
  • Inspect the list of alarms to ensure they have an action set under the 'Actions' column.

Step 2: Configure Alarm Action if Missing

  • Select the alarm that needs an action.
  • In the 'Actions' tab of the alarm details, click 'Edit'.
  • Under 'Notification', add a new action by specifying an SNS topic to notify.
  • Alternatively, choose Auto Scaling action or EC2 action depending on use case.
  • Save the changes.

Step 3: Verify SNS Topic Subscription

  • Navigate to the SNS console.
  • Select the corresponding SNS topic.
  • Confirm that there are subscribers (emails, SMS, Lambda, etc.) appropriately set up for notifications.

Necessary CLI Commands

To verify and configure CloudWatch alarm actions via the AWS CLI, you can use the following commands:

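# List all CloudWatch alarms; check ActionsEnabled and AlarmActions for each alarm in the output
aws cloudwatch describe-alarms

# Create or update an alarm with an SNS alarm action.
# put-metric-alarm overwrites the alarm's previous configuration, so supply every parameter of an existing alarm, not only the action.
aws cloudwatch put-metric-alarm --alarm-name "your-alarm-name" --metric-name "your-metric" --namespace "AWS/EC2" --statistic Average --period 300 --threshold 80 --comparison-operator GreaterThanThreshold --evaluation-periods 2 --alarm-actions arn:aws:sns:your-region:your-account-id:your-sns-topic --unit Percent

# Subscribe an email endpoint to an SNS topic (the recipient must confirm the subscription before notifications are delivered)
aws sns subscribe --topic-arn arn:aws:sns:your-region:your-account-id:your-sns-topic --protocol email --notification-endpoint your-email@example.com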
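
The raw describe-alarms output has to be read alarm by alarm to find the ones that would fire silently. The following is an added example, not part of the original guide: it audits a saved `aws cloudwatch describe-alarms --output json` document and reports alarms with no ALARM-state action or with actions switched off. The sample data, alarm names and ARNs are constructed, and treating an alarm that has only OK or INSUFFICIENT_DATA actions as a finding is an assumption of this example.

```python
import json

# Constructed sample in the shape of `aws cloudwatch describe-alarms --output json`
# (alarm names and ARNs are placeholders, not real resources).
SAMPLE = json.loads("""
{
  "MetricAlarms": [
    {"AlarmName": "cpu-high", "ActionsEnabled": true,
     "AlarmActions": ["arn:aws:sns:us-east-1:111122223333:ops-alerts"],
     "OKActions": [], "InsufficientDataActions": []},
    {"AlarmName": "disk-full", "ActionsEnabled": true,
     "AlarmActions": [], "OKActions": [], "InsufficientDataActions": []},
    {"AlarmName": "root-login", "ActionsEnabled": false,
     "AlarmActions": ["arn:aws:sns:us-east-1:111122223333:sec-alerts"],
     "OKActions": [], "InsufficientDataActions": []}
  ],
  "CompositeAlarms": [
    {"AlarmName": "svc-degraded", "ActionsEnabled": true,
     "AlarmActions": [],
     "OKActions": ["arn:aws:sns:us-east-1:111122223333:ops-alerts"],
     "InsufficientDataActions": []}
  ]
}
""")


def audit_alarm_actions(describe_alarms_output):
    """Return {alarm_name: reason} for alarms that would fire silently."""
    findings = {}
    # describe-alarms returns metric and composite alarms in separate lists.
    for kind in ("MetricAlarms", "CompositeAlarms"):
        for alarm in describe_alarms_output.get(kind, []):
            name = alarm["AlarmName"]
            if not alarm.get("AlarmActions"):
                # Assumption: OK/INSUFFICIENT_DATA actions alone do not count,
                # because nobody is notified when the alarm enters ALARM.
                findings[name] = "no ALARM-state action configured"
            elif not alarm.get("ActionsEnabled", False):
                # Actions are attached but switched off (e.g. disable-alarm-actions).
                findings[name] = "actions configured but ActionsEnabled is false"
    return findings


if __name__ == "__main__":
    for name, reason in sorted(audit_alarm_actions(SAMPLE).items()):
        print(f"NON-COMPLIANT {name}: {reason}")
```

To run it against a real account, save the CLI output to a file and pass `json.load(open(path))` to `audit_alarm_actions` instead of `SAMPLE`.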

Remediation Guide

Upon verifying that a CloudWatch alarm lacks the required actions, proceed with the following steps to remediate the deficiency:

  1. Sign in to AWS Management Console.
  2. Access the CloudWatch service.
  3. Select 'Alarms' and identify alarms without actions.
  4. Edit each alarm to include an appropriate SNS topic or auto-scaling/EC2 action.
  5. Confirm that the SNS topic has the correct subscribers for notifications.
  6. Validate the configuration by causing an alarm state change (where feasible) to ensure proper notifications or actions.

Summary

For compliance with FedRAMP Moderate Revision 4, it's critical to maintain active monitoring and rapid response mechanisms by ensuring that your AWS CloudWatch alarms are appropriately configured with alarm actions. This guide provides a detailed walkthrough on assessing your current alarm configurations, troubleshooting issues related to notification actions, and steps for remediation using the AWS Management Console and AWS CLI, yielding a compliant and secure cloud environment.
