CloudWatch Alarms and Event Rules - Internet Gateway Changes Alarm

A CloudWatch Alarm that triggers when changes are made to an Internet Gateway in a VPC.

Prerequisites: This Alarm requires CloudTrail enabled, with events sent to a CloudWatch Log Group. See Related Configuration Items for configuration to enable CloudTrail/CloudWatch, or enter the CloudWatch Log Group name under the Metric Filter Configuration section.

CloudFormation |AWS CLI |

Terraform

Items

Size

1.3 KB

Missing Parameters

YAML/JSON

AWSTemplateFormatVersion: '2010-09-09'
Description: ''
Resources:
  SnsTopic:
    Type: 'AWS::SNS::Topic'
    Properties:
      Subscription:
        - Endpoint: email@example.com
          Protocol: email
      TopicName: alarm-action
  CloudWatchAlarm:
    Type: 'AWS::CloudWatch::Alarm'
    Properties:
      AlarmName: igw_changes
      AlarmDescription: >-
        A CloudWatch Alarm that triggers when changes are made to an Internet
        Gateway in a VPC.
      MetricName: GatewayEventCount
      Namespace: CloudTrailMetrics
      Statistic: Sum
      Period: '300'
      EvaluationPeriods: '1'
      Threshold: '1'
      ComparisonOperator: GreaterThanOrEqualToThreshold
      AlarmActions:
        - Ref: SnsTopic
      TreatMissingData: notBreaching
  MetricFilter:
    Type: 'AWS::Logs::MetricFilter'
    Properties:
      LogGroupName: ''
      FilterPattern: >-
        { ($.eventName = CreateCustomerGateway) || ($.eventName =
        DeleteCustomerGateway) || ($.eventName = AttachInternetGateway) ||
        ($.eventName = CreateInternetGateway) || ($.eventName =
        DeleteInternetGateway) || ($.eventName = DetachInternetGateway) }
      MetricTransformations:
        - MetricValue: '1'
          MetricNamespace: CloudTrailMetrics
          MetricName: GatewayEventCount
Parameters: {}
Metadata: {}
Conditions: {}