Loading controls...
Control: Ensure a log metric filter and alarm exist for AWS Config configuration changes
Description
You can do real-time monitoring of API calls by directing CloudTrail logs to CloudWatch Logs and establishing corresponding metric filters and alarms. Security Hub recommends that you create a metric filter and alarm for changes to AWS Config configuration settings. Monitoring these changes helps ensure sustained visibility of configuration items in the account
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.log_metric_filter_config_configuration
Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run aws_compliance.control.log_metric_filter_config_configuration --share
SQL
This control uses a named query:
log_metric_filter_config_configuration