Skip to content
This repository has been archived by the owner on Oct 30, 2019. It is now read-only.

CloudTrail and CloudWatch configuration with some basic security alarms.

License

Notifications You must be signed in to change notification settings

alphagov/aws-security-alarms

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

CloudWatch Metrics and Alarms for CloudTrail logs

Work in progress: We're currently investigating the best ways to monitor our AWS usage. This is one option we're testing out.

Terraform to setup CloudTrail for sending logs into CloudWatch. Creates metrics and alarms in CloudWatch which trigger notifications to be sent via SNS.

Alarms

  • unexpected-ip-access: Triggered by API calls made from IP addresses not set in var.admin_whitelist.
  • root-activity Triggered by API calls made by the Root user account.
  • unauthorized Triggered by failed logins from the AWS console. Or API calls which are now allowed for that credential.

Usage

Example: all-alarms.tf sets up cloudtrail and enables the alarms provided here.

When used as a module the cloudtrail_s3_bucket_name should be an existing S3 bucket name which may be managed in a separate account.

Configure CloudTrail, CloudWatch and SNS:

module "aws-security-alarms" {
  source = "github.com/alphagov/aws-security-alarms//terraform"
  cloudtrail_s3_bucket_name = "some-bucket-to-store-cloudtrail-logs-in"
  cloudtrail_s3_bucket_prefix = "bucket-sub-directory"
}

Enable individual alarms:

module "unexpected-ip-access" {
  source = "github.com/alphagov/aws-security-alarms//terraform/alarms/unexpected_ip_access"
  cloudtrail_log_group = "${module.aws-security-alarms.cloudtrail_log_group}"
  alarm_actions = ["${module.aws-security-alarms.security-alerts-topic}"]
  environment_name = "test"
}

About

CloudTrail and CloudWatch configuration with some basic security alarms.

Resources

License

Code of conduct

Security policy

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages