A CloudWatch Alarm that triggers if customer created CMKs get disabled or scheduled for deletion.

 
Items
2
Size
1.0 KB
Missing Parameters
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  CloudWatchAlarm:
    Type: 'AWS::CloudWatch::Alarm'
    Properties:
      AlarmName: disabled_deleted_cmks
      AlarmDescription: >-
        A CloudWatch Alarm that triggers if customer created CMKs get disabled
        or scheduled for deletion.
      MetricName: KMSCustomerKeyDeletion
      Namespace: CloudTrailMetrics
      Statistic: Sum
      Period: '60'
      EvaluationPeriods: '1'
      Threshold: '1'
      ComparisonOperator: GreaterThanOrEqualToThreshold
      AlarmActions:
        - ''
      TreatMissingData: notBreaching
  MetricFilter:
    Type: 'AWS::Logs::MetricFilter'
    Properties:
      LogGroupName: ''
      FilterPattern: >-
        { ($.eventSource = kms.amazonaws.com) &&  (($.eventName=DisableKey) ||
        ($.eventName=ScheduleKeyDeletion)) }
      MetricTransformations:
        - MetricValue: '1'
          MetricNamespace: CloudTrailMetrics
          MetricName: KMSCustomerKeyDeletion
Parameters: {}
Metadata: {}
Conditions: {}

Customize Cf Template

Alarm Configuration


Metric Filter Configuration


* Required field