Ensure that the Amazon CloudWatch Events service is in use so that you can react selectively and efficiently to system events that describe changes within your AWS resources. Specifically, with the CloudWatch Events service you can create rules that match event patterns and take actions in response to those patterns. AWS CloudWatch Events makes use of three main components: events, rules and targets. An event indicates a change in your AWS environment, a target processes events, and a rule matches incoming events and routes them to targets for processing. Cloud Conformity Real-Time Threat Monitoring and Analysis (RTMA) works in the same way: the changes made within your AWS account are streamed into the Cloud Conformity system and then run against its rules engine, which takes actions such as detecting anomalies and sending alert notifications.
Examples of Amazon CloudWatch Events use cases:
- Send alert notifications when someone uses root credentials to sign in to your AWS account.
- Take a snapshot of an AWS EBS volume on a schedule.
- Notify when there is an Amazon Web Services health notification posted to your account health dashboard.
- Invoke an AWS Lambda function to pass a notification to a Slack channel when a specific event occurs within your AWS account.
- Direct a particular API record from AWS CloudTrail to a Kinesis stream for detailed analysis of potential security risks.
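The following Python is an added illustration (example code, not part of the Conformity rule or of any AWS tooling) of the event/rule/target model and of the root-credential use case listed above: it implements the core of the documented event-pattern matching semantics against a constructed sign-in event, and it evaluates the audit condition used later on this page (at least one ENABLED rule) over constructed `aws events list-rules` output. The pattern shape is the one AWS documents for console sign-in events; the content filters CloudWatch Events also supports (prefix, anything-but) are assumed out of scope.

```python
import json

# Core CloudWatch Events pattern semantics: every key in the pattern must exist
# in the event, a list of leaf values means "any of these", and a nested object
# is matched recursively. (Added example; content filters are not implemented.)
def matches(pattern, event):
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches(expected, actual):
                return False
        elif isinstance(expected, list):
            candidates = actual if isinstance(actual, list) else [actual]
            if not any(c in expected for c in candidates):
                return False
        else:
            return False  # leaf values in an event pattern must be lists
    return True

# Event pattern for the "root credentials used to sign in" use case above.
ROOT_SIGNIN_PATTERN = {
    "detail-type": ["AWS Console Sign In via CloudTrail"],
    "detail": {"userIdentity": {"type": ["Root"]}},
}

def enabled_rules(list_rules_json):
    """Names of ENABLED rules in the JSON printed by `aws events list-rules`."""
    rules = json.loads(list_rules_json).get("Rules", [])
    return [r["Name"] for r in rules if r.get("State") == "ENABLED"]

def events_service_in_use(list_rules_json):
    """The audit condition: at least one active rule exists in the region."""
    return bool(enabled_rules(list_rules_json))

# Constructed sample inputs (shapes follow the AWS event and CLI JSON formats).
ROOT_EVENT = {"detail-type": "AWS Console Sign In via CloudTrail", "source": "aws.signin",
              "detail": {"eventName": "ConsoleLogin", "userIdentity": {"type": "Root"}}}
IAM_USER_EVENT = {"detail-type": "AWS Console Sign In via CloudTrail", "source": "aws.signin",
                  "detail": {"eventName": "ConsoleLogin", "userIdentity": {"type": "IAMUser"}}}
LIST_RULES_OUTPUT = json.dumps({"Rules": [
    {"Name": "root-signin-alert", "State": "ENABLED", "EventPattern": json.dumps(ROOT_SIGNIN_PATTERN)},
    {"Name": "nightly-ebs-snapshot", "State": "DISABLED", "ScheduleExpression": "cron(0 2 * * ? *)"},
]})

if __name__ == "__main__":
    print("root sign-in matched:", matches(ROOT_SIGNIN_PATTERN, ROOT_EVENT))        # True
    print("IAM user sign-in matched:", matches(ROOT_SIGNIN_PATTERN, IAM_USER_EVENT))  # False
    print("active rules:", enabled_rules(LIST_RULES_OUTPUT))                          # ['root-signin-alert']
```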
This rule can help you with the following compliance standards:
- NIST4
For further details on compliance standards supported by Conformity, see here.
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
AWS CloudWatch Events will help you address security, reliability, performance efficiency and cost optimisation within your AWS account in the most efficient way.
- Security - the CloudWatch Events service is integrated with the following AWS services to enforce security within your environment: AWS VPC for infrastructure protection, AWS CloudFormation and Identity and Access Management (IAM) for incident response, AWS EBS, EFS and S3 for data protection in the cloud, AWS CloudTrail for tracking API calls, AWS Config for inventory of AWS resources, and AWS IAM for identity and access management within your account.
- Reliability and Fault Management - monitor AWS resources using CloudWatch Logs and create notifications in response to operational changes, ensuring that corrective actions are taken in response to those changes; send AWS Health notifications to ensure environment reliability; implement failover schemes based on triggered events, etc.
- Performance Efficiency - test how fast your resources respond to different workloads and adapt accordingly using various automations; integrate with CloudWatch Logs to monitor whether the allocated resources are performing optimally and take the necessary actions when any lapses are noticed; integrate with Amazon ElastiCache and CloudFront to assist in implementing different caching strategies.
- Cost Optimisation - use CloudWatch Events rules to ensure that you don't exceed your capacity, planning appropriately and testing before deploying the necessary AWS resources.
Audit
To determine if Amazon CloudWatch Events service is in use (i.e. there are any active rules currently available) within your AWS account, perform the following:
Remediation/Resolution:
In order to start utilizing the AWS CloudWatch Events service within your AWS account you must create and configure CloudWatch Events rules. To create your own event rules, perform the following:
Note: As an example, this conformity rule demonstrates how to use the Amazon CloudWatch Events service to run an AWS Lambda function on a schedule.
References
- AWS Documentation
  - Getting Started with Amazon CloudWatch Events
  - What is Amazon CloudWatch Events?
  - Tutorial: Schedule Lambda Functions Using CloudWatch Events
  - Monitoring AWS Health Events with Amazon CloudWatch Events
- AWS Command Line Interface (CLI) Documentation
  - events
    - list-rules
    - put-rule
    - put-targets
  - lambda
    - add-permission