By Implementation

Service Control PoliciesConfig RulesAuto Remediation RulesConformance PacksAmazon GuardDutyAmazon InspectorAWS Security HubAWS Network FirewallRoute53 Resolver SecurityAmazon MacieS3 Bucket PoliciesCloudWatch Alarms and Event RulesAWS WAFAWS Secrets ManagerAWS Systems ManagerSecurity Groups & NACLsAWS KMSIAM Policies

By Service Protected

Configuration Packages

Strategy Guides

Other

CloudWatch Alarms and Event Rules

Large EC2 Instance Changes Alarm

A CloudWatch Alarm that triggers when changes are made to large size EC2 Instances.

Prerequisites: This Alarm requires CloudTrail enabled, with events sent to a CloudWatch Log Group. See Related Configuration Items for configuration to enable CloudTrail/CloudWatch, or enter the CloudWatch Log Group name under the Metric Filter Configuration section.

Items
3
Size
1.8 KB
Missing Parameters
AWSTemplateFormatVersion: "2010-09-09"
Description: ""
Resources:
  SnsTopicMetricFilterCloudWatchAlarm:
    Type: "AWS::SNS::Topic"
    Properties:
      Subscription:
        - Endpoint: "email@example.com"
          Protocol: "email"
      TopicName: "alarm-action"
  CloudWatchAlarm:
    Type: "AWS::CloudWatch::Alarm"
    Properties:
      AlarmName: "large_ec2_changes"
      AlarmDescription: "A CloudWatch Alarm that triggers when changes are made to large size EC2 Instances."
      MetricName: "EC2LargeInstanceEventCount"
      Namespace: "CloudTrailMetrics"
      Statistic: "Sum"
      Period: "300"
      EvaluationPeriods: "1"
      Threshold: "1"
      ComparisonOperator: "GreaterThanOrEqualToThreshold"
      AlarmActions:
        - Ref: "SnsTopicMetricFilterCloudWatchAlarm"
      TreatMissingData: "notBreaching"
  MetricFilterCloudWatchAlarm:
    Type: "AWS::Logs::MetricFilter"
    Properties:
      LogGroupName: ""
      FilterPattern: "{ (($.eventName = RunInstances) || ($.eventName = RebootInstances) || ($.eventName = StartInstances) || ($.eventName = StopInstances) || ($.eventName = TerminateInstances)) && (($.requestParameters.instanceType = *.32xlarge) || ($.requestParameters.instanceType = *.24xlarge) || ($.requestParameters.instanceType = *.18xlarge) || ($.requestParameters.instanceType = *.16xlarge) || ($.requestParameters.instanceType = *.12xlarge) || ($.requestParameters.instanceType = *.10xlarge) || ($.requestParameters.instanceType = *.9xlarge) || ($.requestParameters.instanceType = *.8xlarge) || ($.requestParameters.instanceType = *.4xlarge)) }"
      MetricTransformations:
        - MetricValue: "1"
          MetricNamespace: "CloudTrailMetrics"
          MetricName: "EC2LargeInstanceEventCount"
Parameters: {}
Metadata: {}
Conditions: {}

Actions



Customize Template

Action Settings

Metric Filter Settings


Alarm Configuration

* Required field