Login

Cloud Defense Logo

Products

Solutions

Company

Book A Live Demo

Rule: Ensure a log metric filter and alarm exist for VPC changes

This rule ensures the presence of log metric filter and alarm for VPC changes.

RuleEnsure a log metric filter and alarm exist for VPC changes
FrameworkGeneral Data Protection Regulation (GDPR)
Severity
Low

Rule Description:

This rule ensures that a log metric filter and alarm are set up to monitor any changes related to the Virtual Private Cloud (VPC) in order to comply with the General Data Protection Regulation (GDPR). The GDPR mandates that organizations protect personal data and requires them to have proper monitoring mechanisms in place for VPC changes.

Troubleshooting Steps:

  2. 1.
    Review the existing log metric filter and alarm configuration.
  4. 2.
    Ensure that the log metric filter is accurately filtering the VPC change events.
  6. 3.
    Verify that the alarm is correctly triggered when a VPC change is detected.
  8. 4.
    Check if the alarm's threshold and notification settings are configured properly.

Necessary Codes:

No code is required for this rule.

Remediation Steps:

Follow the step-by-step guide below to set up the log metric filter and alarm for monitoring VPC changes:

  2. 1.

    Open the AWS Management Console and navigate to the CloudWatch service.

  4. 2.

    In the CloudWatch dashboard, click on "Logs" in the navigation pane.

  6. 3.

    Select the log group associated with your VPC.

  8. 4.

    Click on the "Create Metric Filter" button.

  10. 5.

    Define your filter pattern:

    • Enter a filter pattern that captures VPC change events. For example:

      {($.eventName = "CreateVpc") || ($.eventName = "DeleteVpc") || ($.eventName = "ModifyVpcAttribute")}

    • Deselect the "Use default settings" option.

    • Choose a log event pattern to test your filter pattern and ensure it captures the desired events.

    • Click on "Test pattern" to verify the filter pattern is functioning correctly.

  12. 6.

    Specify the filter details:

    • Provide a name for your metric filter.

    • Select a new or existing metric namespace to categorize your filter.

    • Enter a metric name that describes the VPC change events.

    • Choose a unit of measurement (e.g., Count).

    • Click on "Create filter" to save the configuration.

  14. 7.

    Navigate to the CloudWatch dashboard and select "Alarms" in the navigation pane.

  16. 8.

    Click on the "Create alarm" button to set up a new alarm.

  18. 9.

    Define the alarm configuration:

    • Select the metric filter you created earlier from the "Select metric" dropdown.

    • Set the appropriate threshold that triggers the alarm when VPC changes occur.

    • Configure the notification settings to receive alerts when the alarm is triggered.

    • Choose the desired actions to be taken when the alarm state changes.

    • Click on "Create alarm" to save the configuration.

  20. 10.

    Test the configuration by making changes to your VPC (e.g., creating, deleting, or modifying a VPC).

  22. 11.

    Verify that the alarm is triggered, and you receive the specified notifications in case of any VPC changes.

By following these steps, you will have successfully set up a log metric filter and alarm to monitor VPC changes to comply with GDPR requirements.

Is your System Free of Underlying Vulnerabilities?
Find Out Now