By Implementation

Service Control PoliciesConfig RulesAuto Remediation RulesConformance PacksAmazon GuardDutyAmazon InspectorAWS Security HubAWS Network FirewallRoute53 Resolver SecurityAmazon MacieS3 Bucket PoliciesCloudWatch Alarms and Event RulesAWS WAFAWS Secrets ManagerAWS Systems ManagerSecurity Groups & NACLsAWS KMSIAM PoliciesAmazon ECRRDS Event Subscriptions

By Service Protected

Configuration Packages

Strategy Guides

Other

CloudWatch Alarms and Event Rules

Repository of AWS CloudWatch Alarm and Event Rules. Each configuration item includes customizable CloudFormation template and AWS CLI scripts.

CloudWatch Alarms

A CloudWatch Alarm that triggers when there are rejected SSH connections in a VPC (Default: 10 connections per hour). Requires VPC flow logs to be enabled.

CloudFormationTerraformAWS CLI

A CloudWatch Alarm that triggers when the traffic outgoing over a managed AWS VPN tunnel hits a certain threshold (Default: Less than 1,000,000 bytes in 15 minutes).

CloudFormationTerraformAWS CLI

A CloudWatch Alarm that triggers when the traffic incoming over a managed AWS VPN tunnel hits a certain threshold (Default: Over 5,000,000 bytes in 15 minutes).

CloudFormationTerraformAWS CLI

A CloudWatch Alarm that triggers when the state of both VPN tunnels in an AWS VPN connection are down.

CloudFormationTerraformAWS CLI

A CloudWatch Alarm that triggers the AWS bill reaches the specified threshold (default: 100 USD). (Note: Should be deployed in N. Virgina Region - us-east-1)

CloudFormationTerraformAWS CLI

Alarm if Multiple unauthorized actions or logins attempted.

CloudFormationTerraformAWS CLI

Alarm if there are AWS Management Console authentication failures.

CloudFormationTerraformAWS CLI

Alarm if a root user uses the account

CloudFormationTerraformAWS CLI

A CloudWatch Alarm that triggers if there is API activity in the account without MFA (Multi-Factor Authentication).

CloudFormationTerraformAWS CLI

Alarm if there is a Management Console sign-in without MFA.

CloudFormationTerraformAWS CLI

A CloudWatch Alarm that triggers when changes are made to IAM policies. Events include IAM policy creation/deletion/update operations as well as attaching/detaching policies from IAM users, roles or groups.

CloudFormationTerraformAWS CLI

A CloudWatch Alarm that triggers when changes are made to IAM users. Events include IAM user creation/deletion/update operations, updating IAM user passwords or Access Keys, as well as attaching/detaching policies from IAM users or groups.

CloudFormationTerraformAWS CLI

A CloudWatch Alarm that triggers when changes are made to IAM MFA devices (Virtual or Hardware). Events include enabling/disabling/updating MFA virtual and hardware devices in an AWS account.

CloudFormationTerraformAWS CLI

A CloudWatch Alarm that triggers when changes are made to an Internet Gateway in a VPC.

CloudFormationTerraformAWS CLI

A CloudWatch Alarm that triggers when changes are made to CloudTrail.

CloudFormationTerraformAWS CLI

A CloudWatch Alarm that triggers when changes are made to AWS Config.

CloudFormationTerraformAWS CLI

A CloudWatch Alarm that triggers when changes are made to a VPC.

CloudFormationTerraformAWS CLI

A CloudWatch Alarm that triggers when changes are made to a VPC's Route Table.

CloudFormationTerraformAWS CLI

A CloudWatch Alarm that triggers when changes are made to Security Groups.

CloudFormationTerraformAWS CLI

A CloudWatch Alarm that triggers when changes are made to an S3 Bucket.

CloudFormationTerraformAWS CLI

A CloudWatch Alarm that triggers when an S3 Bucket is created or deleted.

CloudFormationTerraformAWS CLI

A CloudWatch Alarm that triggers when changes are made to large size EC2 Instances.

CloudFormationTerraformAWS CLI

A CloudWatch Alarm that triggers when changes are made to EC2 Instances.

CloudFormationTerraformAWS CLI

A CloudWatch Alarm that triggers when changes are made to a Network ACL (NACL).

CloudFormationTerraformAWS CLI

Alarm if customer created CMKs get disabled or scheduled for deletion.

CloudFormationTerraformAWS CLI

A CloudWatch Alarm that triggers on changes to customer created CMKs: Key creation, deletion, or enabling/disabling operations, as well as updates to CMK Key policies.

CloudFormationTerraformAWS CLI

A CloudWatch Alarm that triggers when changes are made EMR Security Configurations or Public Access Settings for EMR

CloudFormationTerraformAWS CLI

A CloudWatch Alarm that triggers when new AMIs (Amazon Machine Images) are created or registered in the account.

CloudFormationTerraformAWS CLI

A CloudWatch Alarm that triggers when existing AMIs (Amazon Machine Images) are modified, deleted, copied or shared with other AWS accounts.

CloudFormationTerraformAWS CLI

A CloudWatch Alarm that triggers when a new CloudFormation stack is created

CloudFormationTerraformAWS CLI

A CloudWatch Alarm that triggers when an existing CloudFormation stack is updated

CloudFormationTerraformAWS CLI

A CloudWatch Alarm that triggers when an existing CloudFormation stack is deleted

CloudFormationTerraformAWS CLI
CloudWatch Events

A CloudWatch Event Rule that triggers on changes in the status of AWS Trusted Advisor checks, and forwards the events to an SNS topic

CloudFormationTerraformAWS CLI

A CloudWatch Event Rule that triggers on changes in the status of AWS Personal Health Dashboard (AWS Health) and forwards the events to an SNS topic

CloudFormationTerraformAWS CLI

A CloudWatch Event Rule that detects changes to AWS Config Rule compliance status and publishes change events to an SNS topic for notification.

CloudFormationTerraformAWS CLI

A CloudWatch Event Rule that triggers on Amazon GuardDuty findings and publishes findings to an SNS topic. The Event Rule can be used to trigger notifications or remediative actions using AWS Lambda.

CloudFormationTerraformAWS CLI

A CloudWatch Event Rule that triggers on AWS Security Hub findings. The Event Rule can be used to trigger notifications or remediative actions using AWS Lambda.

CloudFormationTerraformAWS CLI

A CloudWatch Event Rule that triggers on Amazon Macie findings. The Event Rule can be used to trigger notifications or remediative actions using AWS Lambda.

CloudFormationTerraformAWS CLI

Detect changes to security groups and publishes change events to an SNS topic for notification.

CloudFormationTerraformAWS CLI

Detect changes to EC2 Instances and publishes change events to an SNS topic for notification.

CloudFormationTerraformAWS CLI

Detect changes to network ACLs and publishes change events to an SNS topic for notification.

CloudFormationTerraformAWS CLI

Detect changes to network configuration and publishes change events to an SNS topic for notification.

CloudFormationTerraformAWS CLI

A CloudWatch Event Rule that detects IAM policy changes and publishes change events to an SNS topic for notification. Events include IAM policy creation/deletion/update operations as well as attaching/detaching policies from IAM users, roles or groups.

CloudFormationTerraformAWS CLI

A CloudWatch Event Rule that detects changes to IAM users and groups and publishes change events to an SNS topic for notification. Events include IAM user creation/deletion/update operations, updating IAM user passwords or Access Keys, as well as attaching/detaching policies from IAM users or groups.

CloudFormationTerraformAWS CLI

A CloudWatch Event Rule that detects changes to IAM MFA devices (Virtual and Hardware) and publishes change events to an SNS topic for notification. Events include enabling/disabling/updating MFA virtual and hardware devices in an AWS account.

CloudFormationTerraformAWS CLI

Detect changes to CloudTrail configutation and publishes change events to an SNS topic for notification.

CloudFormationTerraformAWS CLI

Detect changes to S3 bucket policies and publishes change events to an SNS topic for notification.

CloudFormationTerraformAWS CLI

Detect changes to AWS Config and publishes change events to an SNS topic for notification.

CloudFormationTerraformAWS CLI

A CloudWatch Event Rule that detects KMS Customer Master Key (CMK) changes and publishes change events to an SNS topic for notification.

CloudFormationTerraformAWS CLI

A CloudWatch Event Rule that triggers on AWS KMS Customer Master Key (CMK) deletion events.

CloudFormationTerraformAWS CLI

A CloudWatch Event Rule that triggers on AWS KMS Customer Master Key (CMK) rotation events.

CloudFormationTerraformAWS CLI

A CloudWatch Event Rule that triggers on AWS KMS Customer Master Key (CMK) imported material expiration events.

CloudFormationTerraformAWS CLI

A CloudWatch Event Rule that triggers on IAM Access Analyzer Findings. The Event Rule can be used to trigger notifications or remediative actions using AWS Lambda.

CloudFormationTerraformAWS CLI

A CloudWatch Event Rule that triggers when each ECR vulnerability image scan is completed. The Event Rule can be used to trigger notifications or remediative actions using AWS Lambda.

CloudFormationTerraformAWS CLI

A CloudWatch Event Rule that sends a notification to provide notice of approaching expiration of an ACM certificate. and forwards the events to an SNS topic.

CloudFormationTerraformAWS CLI
Filter by source
 
CloudWatch Alarms
CloudWatch Events