CloudWatch Alarms and Event Rules: Detect and Notify on IAM User Changes

My Saved Presets

A CloudWatch Event Rule that detects changes to IAM users and groups and publishes change events to an SNS topic for notification. Events include IAM user creation/deletion/update operations, updating IAM user passwords or Access Keys, as well as attaching/detaching policies from IAM users or groups.

Description

EventBusName

Name

RoleArn

ScheduleExpression

State

Targets

Arn

BatchParameters

ArrayProperties

Size

JobDefinition

JobName

RetryStrategy

Attempts

DeadLetterConfig

Arn

EcsParameters

CapacityProviderStrategy

EnableECSManagedTags

EnableExecuteCommand

Group

LaunchType

NetworkConfiguration

AwsVpcConfiguration

AssignPublicIp DISABLED ENABLED
SecurityGroups

Subnets

PlacementConstraints

PlacementStrategies

PlatformVersion

PropagateTags

ReferenceId

TagList

TaskCount

TaskDefinitionArn

HttpParameters


PathParameterValues

Id

Input

InputPath

InputTransformer

InputTemplate

KinesisParameters

PartitionKeyPath

RedshiftDataParameters

Database

DbUser

SecretManagerArn

Sql

StatementName

WithEvent

RetryPolicy

MaximumEventAgeInSeconds

MaximumRetryAttempts

RoleArn

SqsParameters

MessageGroupId

CloudFormation Template