Logging and monitoring

Create a Metric Alarm and Filter for changes to Network Access Control Lists (NACL)

Description

Real-time monitoring of API calls can be achieved by directing CloudTrail Logs to CloudWatch Logs and establishing corresponding metric filters and alarms. NACLs are used as a stateless packet filter to control ingress and egress traffic for subnets within a VPC. Monitoring changes to NACLs will help ensure that AWS resources and services are not unintentionally exposed.
  • Recommended Mitigation

    It is recommended that a metric filter and alarm be established for changes made to NACLs.