A CloudWatch Alarm that triggers when there are rejected SSH connections in a VPC (Default: 10 connections per hour). Requires VPC flow logs to be enabled.
Repository of AWS CloudWatch Alarm and Event Rules. Each configuration item includes customizable CloudFormation template and AWS CLI scripts.
A CloudWatch Alarm that triggers if there is API activity in the account without MFA (Multi-Factor Authentication).
A CloudWatch Event Rule that detects changes to IAM users and groups and publishes change events to an SNS topic for notification. Events include IAM user creation/deletion/update operations, updating IAM user passwords or Access Keys, as well as attaching/detaching policies from IAM users or groups.