CloudWatch log metric filter and alarm are not set for Management Console authentication failures Affecting CloudWatch service in AWS

Snyk CCSS

Monitoring / Accounts Monitoring

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

AWS-Well-Architected CIS-AWS CIS-Controls HIPAA ISO-27001 NIST-800-53 PCI-DSS

Snyk ID SNYK-CC-00212
credit Snyk Research Team

Report a new misconfiguration Found a mistake?

Description

Monitoring failed console logins may decrease lead time to detect an attempt to brute force a credential, which may provide an indicator, such as source IP, that can be used in correlating other events.

How to fix?

Create an aws_cloudwatch_log_metric_filter and aws_cloudwatch_metric_alarm with an appropriate pattern attribute set for an aws_cloudwatch_log_group and aws_cloudtrail set of resources.

Use the following pattern attribute set:

$.eventName=ConsoleLogin
$.errorMessage=Failedauthentication

Terraform

References

Example: Console Sign-In Failures

CloudWatch log metric filter and alarm are not set for Management Console authentication failures Affecting CloudWatch service in AWS

Severity

Description

How to fix?

Terraform

References