Best practices

AWS CloudFormation stack notifications are disabled

Risk Level

Informational (4)


Description

AWS CloudFormation is a service that provides infrastructure as code (IaC): in practice, you describe the AWS and third-party resources you want in a declarative template (JSON or YAML), and CloudFormation models, provisions, and manages them for you. The template specifies all of the AWS resources you want (such as Amazon EC2 instances or Amazon RDS DB instances), and CloudFormation handles the provisioning and configuration. This simplifies infrastructure management, lets you replicate your infrastructure quickly, and makes changes to it easy to control and track. We have found that the AWS CloudFormation stack {AwsCloudFormationStack} is not associated with an SNS topic.
  • Recommended Mitigation

    It is recommended to associate your AWS CloudFormation stack {AwsCloudFormationStack} with an SNS topic so that you receive a notification whenever a stack event occurs. Stack events include CREATE (which starts provisioning the resources defined in the CloudFormation template), UPDATE (which changes the stack's configuration), and DELETE (which terminates the stack by removing its collection of AWS resources). Monitoring these events will allow you to respond quickly to any unauthorized action that could alter your AWS environment. For more information: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sns-topic.html
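As an added example (not part of this finding's original text), the check below walks the `Stacks` list returned by `aws cloudformation describe-stacks`, flags every stack whose `NotificationARNs` is empty or absent, and builds the `update-stack` call that attaches a topic. The stack names, account ID and topic ARN in the sample response are constructed; NotificationARNs is a stack-level setting, so it is set at create or update time rather than in the template.

```python
import json

# Constructed sample of a `describe-stacks` response (not real account data):
# one stack has an SNS topic attached, the other two do not.
SAMPLE_DESCRIBE_STACKS = json.loads("""
{
  "Stacks": [
    {"StackName": "prod-network", "StackStatus": "CREATE_COMPLETE",
     "NotificationARNs": ["arn:aws:sns:us-east-1:111111111111:cfn-stack-events"]},
    {"StackName": "prod-app", "StackStatus": "UPDATE_COMPLETE",
     "NotificationARNs": []},
    {"StackName": "legacy-db", "StackStatus": "CREATE_COMPLETE"}
  ]
}
""")


def stacks_without_notifications(describe_stacks_response):
    """Return the names of stacks that publish their events to no SNS topic.

    CloudFormation lists the attached topics in each stack's NotificationARNs;
    an empty or missing list means CREATE/UPDATE/DELETE events go nowhere.
    """
    findings = []
    for stack in describe_stacks_response.get("Stacks", []):
        if not stack.get("NotificationARNs"):
            findings.append(stack["StackName"])
    return findings


def remediation_command(stack_name, topic_arn):
    """Build the AWS CLI call that attaches a topic to an existing stack.

    --use-previous-template leaves the resources as they are; only the
    notification configuration changes. Stacks with parameters or IAM
    capabilities may additionally need --parameters / --capabilities.
    """
    return [
        "aws", "cloudformation", "update-stack",
        "--stack-name", stack_name,
        "--use-previous-template",
        "--notification-arns", topic_arn,
    ]


if __name__ == "__main__":
    topic = "arn:aws:sns:us-east-1:111111111111:cfn-stack-events"  # constructed
    for name in stacks_without_notifications(SAMPLE_DESCRIBE_STACKS):
        print(" ".join(remediation_command(name, topic)))
```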