You must be logged in to view saved presets
Rejected SSH connections in VPC Alarm
A CloudWatch Alarm that triggers when there are rejected SSH connections in a VPC (Default: 10 connections per hour). Requires VPC flow logs to be enabled.
Prerequisites: This Alarm requires VPC Flow Logs to be enabled, with events sent to a CloudWatch Log Group. See Related Items for configuration to enable VPC Flow Logs with CloudWatch logging, or enter the CloudWatch Log Group name under the Metric Filter Configuration section.
Items
3
Size
1.3 KB
Missing Parameters
AWSTemplateFormatVersion: '2010-09-09'
Description: ''
Resources:
SnsTopicMetricFilterCloudWatchAlarm:
Type: 'AWS::SNS::Topic'
Properties:
Subscription:
- Endpoint: email@example.com
Protocol: email
TopicName: alarm-action
CloudWatchAlarm:
Type: 'AWS::CloudWatch::Alarm'
Properties:
AlarmName: cwalarm_rejected_ssh
AlarmDescription: 'A CloudWatch Alarm that triggers when there are rejected SSH connections in a VPC (Default: 10 connections per hour). Requires VPC flow logs to be enabled.'
MetricName: RejectedSSHCount
Namespace: VPCFlowLogsMetrics
Statistic: Sum
Period: '3600'
EvaluationPeriods: '1'
Threshold: '10'
ComparisonOperator: GreaterThanOrEqualToThreshold
AlarmActions:
- Ref: SnsTopicMetricFilterCloudWatchAlarm
TreatMissingData: notBreaching
MetricFilterCloudWatchAlarm:
Type: 'AWS::Logs::MetricFilter'
Properties:
LogGroupName: ''
FilterPattern: '[version, account, eni, source, destination, srcport, destport="22", protocol="6", packets, bytes, windowstart, windowend, action="REJECT", flowlogstatus]'
MetricTransformations:
- MetricValue: '1'
MetricNamespace: VPCFlowLogsMetrics
MetricName: RejectedSSHCount
Parameters: {}
Metadata: {}
Conditions: {}
Actions
Customize Template
* Required field
© 2024 asecurecloud. All rights reserved.