CloudWatch log metric filter and alarm are not set for unauthorized API calls Affecting CloudWatch service in AWS

Snyk CCSS

Monitoring / Accounts Monitoring

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

AWS-Well-Architected CIS-AWS CIS-Google HIPAA ISO-27001 NIST-800-53 PCI-DSS

Snyk ID SNYK-CC-00207
credit Snyk Research Team

Report a new misconfiguration Found a mistake?

Description

Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.

How to fix?

Create an aws_cloudwatch_log_metric_filter and aws_cloudwatch_metric_alarm with an appropriate pattern attribute set for an aws_cloudwatch_log_group and aws_cloudtrail set of resources.

Use the following pattern attribute set:

$.errorCode=*UnauthorizedOperation
$.errorCode=AccessDenied*

Terraform

References

Example: Authorization Failures

CloudWatch log metric filter and alarm are not set for unauthorized API calls Affecting CloudWatch service in AWS

Severity

Description

How to fix?

Terraform

References