Ensure that your Amazon CloudWatch event buses are configured to allow access only to friendly AWS accounts in order to prevent unauthorized users from sharing their CloudWatch events. An AWS CloudWatch event bus is a feature that facilitates AWS accounts to share events with each other. This can be useful to AWS accounts that belong to the same organization or belong to organizations that are associated or have a similar relationship. The event bus (currently one per account, also known as default event bus) has an access policy that specifies the set of AWS accounts that are allowed to send events to the bus. To allow only friendly users to send their events data, you need to manage the permissions defined for the default event bus. Prior to running this rule by the Cloud Conformity engine, you need to provide the friendly accounts identifiers represented by a comma-separated list of valid AWS account IDs (e.g. 123456789012, 112233445566).
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Using misconfigured and overly permissive access policies for your CloudWatch event buses can allow untrusted AWS users to send their CloudWatch events.
To determine if the Amazon CloudWatch default event bus created within your account allows unknown cross-account event delivery, perform the following actions:
Case A: To update the permissions defined for the default event bus in order authorize only trusted (friendly) AWS users to send CloudWatch event data to your AWS account, perform the following actions:
Case B: To revoke the permissions defined for the CloudWatch default event bus available within your AWS account, perform the following actions:
- AWS Documentation
- Getting Started with Amazon CloudWatch Events
- What is Amazon CloudWatch Events?
- Sending and Receiving Events Between AWS Accounts
- AWS Command Line Interface (CLI) Documentation
Unlock the Remediation Steps
Gain free unlimited access
to our full Knowledge Base
Over 750 rules & best practices
You are auditing:
EventBus Cross Account Access
Risk level: High