My Saved Presets
You must be logged in to view saved presets

Loading Library ...

Cloudformation Guard Rules for CloudWatch Alarms

CloudFormation guard rules template for CloudWatch Alarm resources

The following rules are included: 

  • Alarms Actions Enabled and Configured

let cloudwatch_metricalarms = Resources.*[
	Type == "AWS::CloudWatch::Alarm"
]

let cloudwatch_compositealarms = Resources.*[
	Type == "AWS::CloudWatch::CompositeAlarm"
]

rule cloudwatch_alarm_action_enabled when %cloudwatch_metricalarms !empty OR %cloudwatch_compositealarms !empty {
	when %cloudwatch_metricalarms !empty {
		%cloudwatch_metricalarms {
			Properties {
				ActionsEnabled !exists OR 
				ActionsEnabled exists
				when ActionsEnabled exists {
					ActionsEnabled == true <<Alarm Actions are disabled.>>
					when ActionsEnabled == true {
						AlarmActions exists OR
						InsufficientDataActions exists OR
						OKActions exists <<Alarm actions are enabled but no configured actions found.>>
					}
				}
			}
		}
	}

	when %cloudwatch_compositealarms !empty {
		%cloudwatch_compositealarms {
			Properties {
				ActionsEnabled !exists OR 
				ActionsEnabled exists
				when ActionsEnabled exists {
					ActionsEnabled == true <<Alarm Actions are disabled.>>
					when ActionsEnabled == true {
						AlarmActions exists OR
						InsufficientDataActions exists OR
						OKActions exists <<Alarm actions are enabled but no configured actions found.>>
					}
				}
			}
		}
	}
}

Actions



Customize Template

* Required field

© 2024 asecurecloud. All rights reserved.