CloudWatch alarms not monitoring IAM policy configuration changes

Logging and monitoring

CloudWatch alarms not monitoring IAM policy configuration changes

Risk Level

Informational (4)

Platform(s)

Compliance Frameworks

CCM-CSA
cis_8
GDPR
HITRUST
NIST 800-53
Orca Best Practices

Description

AWS CloudWatch alarms feature allows to watch metrics and receive notifications when metrics fall outside the settings you configured. We have identified that the cloud account ""{CloudAccount}"" is not configured with CloudWatch metrics to monitor IAM policy configuration changes.

Recommended Mitigation

Ensure cloudwatch metric is set to monitor IAM policy configuration changes. more details can be found in https://docs.aws.amazon.com/awscloudtrail/latest/userguide/send-cloudtrail-events-to-cloudwatch-logs.html

CloudWatch alarms not monitoring IAM policy configuration changes

Description

Need help?