Benchmark: 4 Monitoring
Overview
This section contains recommendations for configuring AWS to assist with monitoring and responding to account activities.
Metric filter-related recommendations in this section depend on the "Ensure CloudTrail is enabled in all regions" and "Ensure CloudTrail trails are integrated with CloudWatch Logs" recommendations in the "Logging" section.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select 4 Monitoring.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.cis_v300_4
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.cis_v300_4 --share
Controls
- 4.1 Ensure unauthorized API calls are monitored
- 4.2 Ensure management console sign-in without MFA is monitored
- 4.3 Ensure usage of 'root' account is monitored
- 4.4 Ensure IAM policy changes are monitored
- 4.5 Ensure CloudTrail configuration changes are monitored
- 4.6 Ensure AWS Management Console authentication failures are monitored
- 4.7 Ensure disabling or scheduled deletion of customer created CMKs is monitored
- 4.8 Ensure S3 bucket policy changes are monitored
- 4.9 Ensure AWS Config configuration changes are monitored
- 4.10 Ensure security group changes are monitored
- 4.11 Ensure Network Access Control Lists (NACL) changes are monitored
- 4.12 Ensure changes to network gateways are monitored
- 4.13 Ensure route table changes are monitored
- 4.14 Ensure VPC changes are monitored
- 4.15 Ensure AWS Organizations changes are monitored
- 4.16 Ensure AWS Security Hub is enabled