Ensure that all your AWS CloudFormation stacks use Amazon Simple Notification Service (AWS SNS) topics so that you receive notifications when a stack event occurs. Monitoring stack events such as create (which triggers the provisioning process defined by a CloudFormation template), update (which changes the stack configuration) and delete (which terminates the stack by removing its collection of AWS resources) lets you respond quickly to any unauthorized action that could alter your AWS environment.
This rule can help you with the following compliance standards:
- NIST 800-53 (Rev. 4)
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
With SNS integration you increase the visibility of your AWS CloudFormation stack activity, which is beneficial for both security and management purposes.
To determine if your CloudFormation stacks are associated with AWS SNS topics for receiving notifications, perform the following:
Note: Verifying CloudFormation stack integration with the SNS service using the AWS Management Console is not currently supported.
Remediation / Resolution
To integrate your active CloudFormation stack with an SNS topic in order to receive email notifications whenever a stack event occurs, perform the following:
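The audit and remediation described above can both be scripted against the CloudFormation API. The following is an added example written for this page; it is not Cloud Conformity's own tooling. `stacks_missing_notifications()` applies the audit rule to a `describe-stacks` response and `build_remediation()` assembles the `update-stack` parameters that attach a topic while preserving the stack's existing template, parameters and capabilities. The sample response, the account id, the stack names and the topic ARN are constructed placeholders, and the `audit_account()` wrapper assumes boto3 and AWS credentials are available when it is actually run.

```python
"""Audit CloudFormation stacks for missing SNS notification topics and build the
update-stack call that attaches one. Added example; not Cloud Conformity's code."""
from typing import Any, Dict, List, Optional

# Constructed sample in the shape of boto3's describe_stacks response
# (placeholder account id, stack names and topic ARN).
SAMPLE_DESCRIBE_STACKS: Dict[str, Any] = {
    "Stacks": [
        {"StackName": "payments-prod", "StackStatus": "UPDATE_COMPLETE",
         "NotificationARNs": ["arn:aws:sns:us-east-1:111111111111:cfn-events"],
         "Parameters": [], "Capabilities": []},
        {"StackName": "iam-roles-prod", "StackStatus": "CREATE_COMPLETE",
         "NotificationARNs": [],
         "Parameters": [{"ParameterKey": "Env", "ParameterValue": "prod"}],
         "Capabilities": ["CAPABILITY_NAMED_IAM"]},
        {"StackName": "vpc-nested-child", "StackStatus": "CREATE_COMPLETE",
         # nested stacks carry ParentId; they are updated through their root stack
         "ParentId": "arn:aws:cloudformation:us-east-1:111111111111:stack/vpc-root/0000",
         "Parameters": [], "Capabilities": []},
    ]
}


def stacks_missing_notifications(response: Dict[str, Any]) -> List[Dict[str, Any]]:
    """Return one finding per stack that has no SNS topic configured."""
    findings = []
    for stack in response.get("Stacks", []):
        if stack.get("NotificationARNs"):
            continue  # compliant: at least one topic receives the stack events
        findings.append({
            "StackName": stack["StackName"],
            "StackStatus": stack.get("StackStatus"),
            "Nested": "ParentId" in stack,  # remediate via the root stack instead
        })
    return findings


def build_remediation(stack: Dict[str, Any], topic_arn: str) -> Dict[str, Any]:
    """Build update_stack kwargs that add topic_arn without changing anything else.

    NotificationARNs on update-stack replaces the whole list, so existing topics
    are carried over. Parameters are re-supplied with UsePreviousValue and the
    stack's Capabilities are repeated, otherwise the update is rejected.
    """
    call: Dict[str, Any] = {
        "StackName": stack["StackName"],
        "UsePreviousTemplate": True,
        "NotificationARNs": list(stack.get("NotificationARNs", [])) + [topic_arn],
    }
    params = [{"ParameterKey": p["ParameterKey"], "UsePreviousValue": True}
              for p in stack.get("Parameters", [])]
    if params:
        call["Parameters"] = params
    if stack.get("Capabilities"):
        call["Capabilities"] = list(stack["Capabilities"])
    return call


def audit_account(region: Optional[str] = None, topic_arn: Optional[str] = None,
                  apply: bool = False) -> List[Dict[str, Any]]:
    """Run the audit against a live account; attach topic_arn when apply=True.

    boto3 is imported here so the pure functions above work without it.
    """
    import boto3  # assumption: boto3 installed and AWS credentials configured

    cfn = boto3.client("cloudformation", region_name=region)
    stacks: List[Dict[str, Any]] = []
    for page in cfn.get_paginator("describe_stacks").paginate():
        stacks.extend(page["Stacks"])
    findings = stacks_missing_notifications({"Stacks": stacks})
    if apply and topic_arn:
        by_name = {s["StackName"]: s for s in stacks}
        for finding in findings:
            if finding["Nested"]:
                continue  # handled by updating the root stack
            cfn.update_stack(**build_remediation(by_name[finding["StackName"]], topic_arn))
    return findings


if __name__ == "__main__":
    for f in stacks_missing_notifications(SAMPLE_DESCRIBE_STACKS):
        print("missing SNS topic:", f)
```

Running the module prints the two non-compliant stacks from the constructed sample; `audit_account(apply=True, topic_arn=...)` performs the same check against the live API and issues `update_stack` for each top-level stack that lacks a topic. Because the SNS topic is the channel that makes create, update and delete events visible, restrict who can modify the topic and its subscriptions so that the notification path itself cannot be silently removed.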
- AWS Documentation
- How Does AWS CloudFormation Work?
- Amazon Simple Notification Service-backed Custom Resources
Enable AWS CloudFormation Stack Notifications
Risk level: Medium