By Implementation

Service Control PoliciesConfig RulesAuto Remediation RulesConformance PacksAmazon GuardDutyAmazon InspectorAWS Security HubAWS Network FirewallRoute53 Resolver SecurityAmazon MacieS3 Bucket PoliciesCloudWatch Alarms and Event RulesAWS WAFAWS Secrets ManagerAWS Systems ManagerSecurity Groups & NACLsAWS KMSIAM PoliciesAmazon ECRRDS Event Subscriptions

By Service Protected

Configuration Packages

Strategy Guides

Other

Security Monitoring and Compliance

A collection of configuration packages to monitor security related activity and configuration compliance in an AWS account using services such AWS CloudTrail, AWS Config Rules, CloudWatch Alarms, andCloudWatch Event Rules.

AWS

A configuration package to enable compliance monitoring for a subset of the PCI DSS 3.2.1 controls using AWS Security Hub in an AWS account. The configuration package also includes enabling service prerequisites and configuring notifications for Security Hub findings. AWS Security Hub also turns on CIS AWS Foundations Compliance Standards by default.

CloudFormationTerraform

A configuration package which implements a monitoring framework for the CIS AWS Foundations Benchmark, which is a set of security configuration best practices for hardening AWS accounts, and provides continuous monitoring capabilities for these security configurations

CloudFormationTerraform

A configuration package to deploy AWS config rules to validate compliance with the Government of Canada’s Enterprise Guardrails for AWS.

CloudFormationTerraform
IAM

A configuration package to monitor Root Account activity as well as configuration compliance rules to ensure the Root Account's security configuration. The package includes Config Rules for compliance and CloudWatch Alarms to track activity, and uses SNS to deliver email notifications. The package also includes configuration to enable the required AWS logging services: AWS CloudTrail, Config, and CloudWatch log groups

CloudFormationTerraform

A configuration package to monitor IAM related API activity as well as configuration compliance rules to ensure the security of AWS IAM configuration. The package includes Config Rules, CloudWatch Alarms, and CloudWatch Event Rules, and uses SNS to deliver email notifications. The package also includes configuration to enable the required AWS logging services: AWS CloudTrail, Config, and CloudWatch log groups

CloudFormationTerraform
EC2

A configuration package to monitor EC2 related API activity as well as configuration compliance rules to ensure the security of AWS EC2 configuration. The package includes Config Rules, CloudWatch Alarms, and CloudWatch Event Rules, and uses SNS to deliver email notifications. The package also includes configuration to enable the required AWS logging services: AWS CloudTrail, Config, and CloudWatch log groups

CloudFormationTerraform

A configuration package to monitor Amazon Machine Images (AMIs) creation and modifications as well as ensure the compliance and security of AMIs available in the account

CloudFormationTerraform
VPC

A configuration package to monitor VPC related API activity as well as configuration compliance rules to ensure the security of VPC configuration. The package includes Config Rules, CloudWatch Alarms, and CloudWatch Event Rules, and uses SNS to deliver email notifications. The package also includes configuration to enable the required AWS logging services: AWS CloudTrail, Config, and CloudWatch log groups

CloudFormationTerraform
S3

A configuration package to monitor S3 related API activity as well as configuration compliance rules to ensure the security of Amazon S3 configuration. The package includes Config Rules, CloudWatch Alarms, and CloudWatch Event Rules, and uses SNS to deliver email notifications. The package also includes configuration to enable the required AWS logging services: AWS CloudTrail, Config, and CloudWatch log groups

CloudFormationTerraform
KMS

A configuration package to monitor KMS related API activity as well as configuration compliance rules to ensure the security of AWS KMS configuration. The package includes Config Rules, CloudWatch Alarms, and CloudWatch Event Rules, and uses SNS to deliver email notifications. The package also includes configuration to enable the required AWS logging services: AWS CloudTrail, Config, and CloudWatch log groups

CloudFormationTerraform
CloudFormation

A configuration package to automatically monitor CloudFormation stack drift (When resources deployed through CloudFormation are manaully changed after), and optionally alert on these events.

CloudFormation
Filter by source
 
AWS
IAM
EC2
VPC
S3
KMS
CloudFormation