This rule ensures a log metric filter and alarm exist for AWS Management Console authentication failures.
Rule | Ensure a log metric filter and alarm exist for AWS Management Console authentication failures |
Framework | General Data Protection Regulation (GDPR) |
Severity | Low |
Rule Description
This rule enforces the creation of a log metric filter and alarm for AWS Management Console authentication failures specifically for General Data Protection Regulation (GDPR) compliance. By monitoring and alerting on these authentication failures, the organization can proactively identify potential security incidents and address them promptly to maintain compliance with GDPR requirements.
Troubleshooting Steps
If you encounter any issues while setting up the log metric filter and alarm, you can follow these troubleshooting steps:
cloudwatch:PutMetricFilter and cloudwatch:PutMetricAlarm.
Necessary Codes
No specific code is required for this rule. However, you can use the AWS Command Line Interface (CLI) to configure the log metric filter and alarm if desired.
Step-by-Step Guide
To ensure a log metric filter and alarm exist for AWS Management Console authentication failures, follow these steps:
Step 1: Access CloudWatch
Step 2: Create a Log Metric Filter
{ ($.eventSource = "signin.amazonaws.com") && ($.eventName = "ConsoleLogin") && ($.additionalEventData.MFAUsed != "Yes") && ($.errorCode != "Success") }
Step 3: Configure an Alarm
Step 4: Test the Alarm
To ensure the alarm is functioning correctly, attempt a failed AWS Management Console authentication. The alarm should trigger and send the configured notifications, allowing you to investigate the unauthorized access attempt.
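A way to check that the filter from Step 2 and the alarm from Step 3 are both in place, as an added example that is not part of the original page: it takes the JSON output of `aws logs describe-metric-filters` and `aws cloudwatch describe-alarms` as Python dicts. The function names, the sample resource names and the choice to match the pattern condition by condition are assumptions of this example.

```python
import re

# Filter pattern from Step 2 of this page.
PAGE_PATTERN = ('{ ($.eventSource = "signin.amazonaws.com") && ($.eventName = "ConsoleLogin") '
                '&& ($.additionalEventData.MFAUsed != "Yes") && ($.errorCode != "Success") }')

def conditions(pattern):
    """Split a filter pattern into a set of conditions, ignoring spacing, quotes and order."""
    body = re.sub(r'[\s"{}()]', "", pattern)
    return frozenset(c for c in body.split("&&") if c)

def audit(filters_resp, alarms_resp, expected=PAGE_PATTERN):
    """Return (compliant, reason) from describe-metric-filters / describe-alarms output."""
    want = conditions(expected)
    # Metrics published by any filter whose pattern has exactly the expected conditions.
    metrics = {
        (t["metricNamespace"], t["metricName"])
        for f in filters_resp.get("metricFilters", [])
        if conditions(f.get("filterPattern") or "") == want
        for t in f.get("metricTransformations", [])
    }
    if not metrics:
        return False, "no metric filter with the expected pattern"
    for a in alarms_resp.get("MetricAlarms", []):
        if (a.get("Namespace"), a.get("MetricName")) not in metrics:
            continue
        # An alarm only counts if it can actually notify someone.
        if a.get("ActionsEnabled") and a.get("AlarmActions"):
            return True, "alarm %s notifies %s" % (a["AlarmName"], a["AlarmActions"][0])
    return False, "metric filter exists but no alarm with an enabled action watches it"

# Constructed sample responses (names, account id and ARN are made up).
SAMPLE_FILTERS = {"metricFilters": [{
    "filterName": "console-auth-failures",
    "logGroupName": "example-cloudtrail-logs",
    "filterPattern": '{($.eventName="ConsoleLogin") && ($.eventSource="signin.amazonaws.com") '
                     '&& ($.errorCode!="Success") && ($.additionalEventData.MFAUsed!="Yes")}',
    "metricTransformations": [{"metricNamespace": "ExampleSecurity",
                               "metricName": "ConsoleAuthFailures", "metricValue": "1"}],
}]}
SAMPLE_ALARMS = {"MetricAlarms": [{
    "AlarmName": "console-auth-failures-alarm", "Namespace": "ExampleSecurity",
    "MetricName": "ConsoleAuthFailures", "ActionsEnabled": True,
    "AlarmActions": ["arn:aws:sns:us-east-1:111122223333:example-security-alerts"],
}]}

if __name__ == "__main__":
    print(audit(SAMPLE_FILTERS, SAMPLE_ALARMS))
```

A filter that exists without an actionable alarm is reported as non-compliant, since the rule requires both.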
Conclusion
By following the steps outlined above, you will have successfully implemented a log metric filter and alarm for AWS Management Console authentication failures, specifically to comply with General Data Protection Regulation (GDPR) requirements. This proactive approach to monitoring authentication attempts helps maintain a secure and compliant environment.