CloudWatch alarms not monitoring IAM policy configuration changes - Complete Cloud Security in Minutes - Orca Security

Logging and monitoring

CloudWatch alarms not monitoring IAM policy configuration changes

Risk Level

Informational (4)

Platform(s)

Compliance Frameworks

Description

AWS CloudWatch alarms feature allows to watch metrics and receive notifications when metrics fall outside the settings you configured. We have identified that the cloud account ""{CloudAccount}"" is not configured with CloudWatch metrics to monitor IAM policy configuration changes.

Recommended Mitigation

Ensure cloudwatch metric is set to monitor IAM policy configuration changes. more details can be found in https://docs.aws.amazon.com/awscloudtrail/latest/userguide/send-cloudtrail-events-to-cloudwatch-logs.html

See Orca in action

See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.