Enabling AWS Config monitoring and alarms


What is AWS Config?

AWS Config is a service that lets you evaluate, audit and assess your AWS resources. Through AWS Config you can record and monitor the configuration of your resources, and automate the evaluation of the recorded configuration against the configuration you want. This lets you review the changes occurring in the configuration of your resources. AWS Config also gives you deep insight into resource configuration history and lets you determine your overall compliance with the configurations that you have specified.

AWS Config monitoring and alarms is a security best practice

AWS Config is often used by developers and operations teams to avoid misconfigurations at the AWS resource/service level and to close security gaps. Once you enable AWS Config, it starts discovering your existing cloud resources and records their current configurations and the changes that occur in those resources. The data recorded by AWS Config is extremely useful for security audits, operational troubleshooting and compliance use cases: it can show how an AWS resource was set up at a certain point in time and what relationships it had with other services and resources. You therefore need to be aware of every configuration change made to AWS Config itself, and it is essential to monitor any configuration changes made at the Config service level to keep your AWS cloud environment safe.
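The monitoring the paragraph above calls for is usually built as a CloudWatch Logs metric filter on the CloudTrail log group, plus an alarm that notifies an SNS topic. The following is an added example, not Centilytics' code: it holds a filter pattern equivalent to the one the CIS AWS Foundations Benchmark publishes for AWS Config changes, builds the keyword arguments for boto3's put_metric_filter and put_metric_alarm calls, and applies the same condition offline to constructed CloudTrail log lines. The filter, metric and alarm names and the sample events are assumptions made for this example.

```python
"""Metric filter and alarm for AWS Config configuration changes recorded by CloudTrail.

Added example, not Centilytics' code. The filter pattern is equivalent to the one the
CIS AWS Foundations Benchmark publishes for this control; the helper names, metric
names and sample events below are constructed for this example.
"""
import json

# Mutating AWS Config API calls worth alerting on (read-only Describe*/Get* calls are not).
CONFIG_CHANGE_EVENTS = {
    "StopConfigurationRecorder",  # recording of resource changes is switched off
    "DeleteDeliveryChannel",      # configuration history stops being delivered
    "PutDeliveryChannel",         # delivery target (S3 bucket / SNS topic) changed
    "PutConfigurationRecorder",   # recorder scope or role changed
}

# CloudWatch Logs filter pattern expressing the same condition.
CONFIG_CHANGE_FILTER_PATTERN = (
    "{ ($.eventSource = config.amazonaws.com) && ("
    + " || ".join(f"($.eventName = {name})" for name in sorted(CONFIG_CHANGE_EVENTS))
    + ") }"
)


def metric_filter_request(log_group_name, metric_name="ConfigChangeCount",
                          namespace="CloudTrailMetrics"):
    """Keyword arguments for boto3 logs.put_metric_filter (names are assumptions)."""
    return {
        "logGroupName": log_group_name,
        "filterName": "AWSConfigChanges",
        "filterPattern": CONFIG_CHANGE_FILTER_PATTERN,
        "metricTransformations": [
            {"metricName": metric_name, "metricNamespace": namespace, "metricValue": "1"}
        ],
    }


def alarm_request(sns_topic_arn, metric_name="ConfigChangeCount",
                  namespace="CloudTrailMetrics"):
    """Keyword arguments for boto3 cloudwatch.put_metric_alarm: fire on a single
    matching event within a 5-minute period and notify the given SNS topic."""
    return {
        "AlarmName": "AWSConfigChangesAlarm",
        "MetricName": metric_name,
        "Namespace": namespace,
        "Statistic": "Sum",
        "Period": 300,
        "EvaluationPeriods": 1,
        "Threshold": 1,
        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
        "AlarmActions": [sns_topic_arn],
    }


def is_config_change(event):
    """True when a CloudTrail event record is one the metric filter would count."""
    return (event.get("eventSource") == "config.amazonaws.com"
            and event.get("eventName") in CONFIG_CHANGE_EVENTS)


def scan_log_lines(lines):
    """Apply the same condition offline to raw log lines (one JSON event per line).
    Returns (eventName, principal) for each hit; malformed lines are skipped."""
    hits = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if is_config_change(event):
            who = event.get("userIdentity", {})
            hits.append((event["eventName"], who.get("userName") or who.get("arn", "unknown")))
    return hits


# Constructed sample events in CloudTrail's record shape (trimmed to the fields used).
SAMPLE_LOG_LINES = [json.dumps(e) for e in [
    {"eventSource": "config.amazonaws.com", "eventName": "DescribeConfigurationRecorders",
     "userIdentity": {"type": "IAMUser", "userName": "auditor"}},
    {"eventSource": "config.amazonaws.com", "eventName": "StopConfigurationRecorder",
     "userIdentity": {"type": "IAMUser", "userName": "dev-user"}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "RunInstances",
     "userIdentity": {"type": "IAMUser", "userName": "dev-user"}},
    {"eventSource": "config.amazonaws.com", "eventName": "DeleteDeliveryChannel",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/Admin/dev-user"}},
]] + ["<malformed line>"]

if __name__ == "__main__":
    for name, who in scan_log_lines(SAMPLE_LOG_LINES):
        print(f"ALERT: {who} called {name}")
```

The read-only DescribeConfigurationRecorders call and the EC2 event are deliberately left out of the hits: alerting on every Config API call would bury the four calls that actually change what is recorded.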

What do you need Centilytics for?

AWS Config plays a vital role in your AWS cloud environment. Hence, our primary advice to you: avoid giving your non-privileged IAM users permission to modify any configuration of the AWS Config service within your account. Since visibility into your Amazon Web Services activity is an important aspect of security and operational best practice, Centilytics makes it much easier for you to detect configuration changes in AWS Config. It also helps you prevent accidental or intentional modifications that may lead to unauthorized access or other security breaches.

Insight Description:

Ok: CloudTrail has CloudWatch Logs log groups configured with a metric filter, an alarm, and an SNS topic with at least one subscriber.
Warning: For your CloudWatch alarms, either no SNS topic is created or no individual is present in the list of topic subscribers to receive the alerts.
Critical: Delivery to CloudWatch Logs is not configured.
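To make the three states above concrete, here is an added example (not Centilytics' code) that evaluates trail records offline with the same Ok / Warning / Critical rules. The input records mimic the response shapes of boto3's cloudtrail.describe_trails, logs.describe_metric_filters, cloudwatch.describe_alarms and sns.list_subscriptions_by_topic, and every account number, name and ARN in it is constructed. One rule goes beyond what the insight text states and is an assumption of this example: a log group with no metric filter, or a filter with no alarm on its metric, is reported as Critical, because no alert can fire from it.

```python
"""Evaluate CloudTrail trails against the Ok / Warning / Critical rules listed above.

Added example, not Centilytics' code. Input records mimic boto3 response shapes;
all values are constructed. Assumption beyond the page: a log group with no metric
filter, or a filter with no alarm, is reported as Critical, since no alert can fire.
"""

OK, WARNING, CRITICAL = "Ok", "Warning", "Critical"


def log_group_name_from_arn(arn):
    """arn:aws:logs:<region>:<account>:log-group:<name>:*  ->  <name>"""
    return arn.split(":")[6]


def evaluate_trail(trail, metric_filters, alarms, subscriptions_by_topic):
    """Return (severity, reason) for one trail record."""
    log_group_arn = trail.get("CloudWatchLogsLogGroupArn")
    if not log_group_arn:
        return CRITICAL, "Delivery to CloudWatch Logs not configured"
    log_group = log_group_name_from_arn(log_group_arn)

    filters = [f for f in metric_filters if f["logGroupName"] == log_group]
    if not filters:
        return CRITICAL, f"log group {log_group} has no metric filter"  # assumption, see docstring

    # An alarm is tied to a filter through the metric the filter emits (name + namespace).
    metrics = {(t["metricName"], t["metricNamespace"])
               for f in filters for t in f["metricTransformations"]}
    wired_alarms = [a for a in alarms if (a["MetricName"], a["Namespace"]) in metrics]
    if not wired_alarms:
        return CRITICAL, f"no alarm watches the metric filter(s) on {log_group}"  # assumption

    for alarm in wired_alarms:
        topics = [t for t in alarm.get("AlarmActions", []) if ":sns:" in t]
        if not topics:
            return WARNING, f"alarm {alarm['AlarmName']} has no SNS topic"
        for topic in topics:
            # list_subscriptions_by_topic reports unconfirmed endpoints as "PendingConfirmation".
            confirmed = [s for s in subscriptions_by_topic.get(topic, [])
                         if s["SubscriptionArn"] != "PendingConfirmation"]
            if not confirmed:
                return WARNING, f"SNS topic {topic} has no confirmed subscriber"
    return OK, "metric filter, alarm and SNS topic with subscriber are in place"


def evaluate_all(trails, metric_filters, alarms, subscriptions_by_topic):
    """Map trail name -> severity for every trail."""
    return {t["Name"]: evaluate_trail(t, metric_filters, alarms, subscriptions_by_topic)[0]
            for t in trails}


# ---- constructed sample data (account number, names and ARNs are made up) ----
ACCOUNT, REGION = "111122223333", "us-east-1"


def log_group_arn(name):
    return f"arn:aws:logs:{REGION}:{ACCOUNT}:log-group:{name}:*"


SECOPS_TOPIC = f"arn:aws:sns:{REGION}:{ACCOUNT}:secops-alerts"
DEV_TOPIC = f"arn:aws:sns:{REGION}:{ACCOUNT}:dev-alerts"

SAMPLE_TRAILS = [
    {"Name": "org-trail", "CloudWatchLogsLogGroupArn": log_group_arn("CloudTrail/org-trail")},
    {"Name": "dev-trail", "CloudWatchLogsLogGroupArn": log_group_arn("CloudTrail/dev-trail")},
    {"Name": "legacy-trail"},  # no CloudWatch Logs delivery at all
]
SAMPLE_METRIC_FILTERS = [
    {"logGroupName": "CloudTrail/org-trail", "filterName": "AWSConfigChanges",
     "metricTransformations": [{"metricName": "ConfigChangeCount",
                                "metricNamespace": "CloudTrailMetrics", "metricValue": "1"}]},
    {"logGroupName": "CloudTrail/dev-trail", "filterName": "AWSConfigChanges",
     "metricTransformations": [{"metricName": "DevConfigChangeCount",
                                "metricNamespace": "CloudTrailMetrics", "metricValue": "1"}]},
]
SAMPLE_ALARMS = [
    {"AlarmName": "AWSConfigChangesAlarm", "MetricName": "ConfigChangeCount",
     "Namespace": "CloudTrailMetrics", "AlarmActions": [SECOPS_TOPIC]},
    {"AlarmName": "DevConfigChangesAlarm", "MetricName": "DevConfigChangeCount",
     "Namespace": "CloudTrailMetrics", "AlarmActions": [DEV_TOPIC]},
]
SAMPLE_SUBSCRIPTIONS = {
    SECOPS_TOPIC: [{"Protocol": "email", "Endpoint": "secops@example.com",
                    "SubscriptionArn": f"{SECOPS_TOPIC}:11111111-2222-3333-4444-555555555555"}],
    DEV_TOPIC: [{"Protocol": "email", "Endpoint": "dev@example.com",
                 "SubscriptionArn": "PendingConfirmation"}],  # nobody confirmed the e-mail
}

if __name__ == "__main__":
    for trail in SAMPLE_TRAILS:
        severity, reason = evaluate_trail(trail, SAMPLE_METRIC_FILTERS, SAMPLE_ALARMS,
                                          SAMPLE_SUBSCRIPTIONS)
        print(f"{trail['Name']}: {severity} ({reason})")
```

The pending-confirmation case is the one most often missed: the topic exists and the alarm points at it, so the console looks complete, yet nobody receives the alert until the subscription is confirmed.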

 

The further columns are described as follows:

Account Id: Shows the account ID of the user's account.

Account Name: Shows the account name corresponding to the user's account.

Region: Shows the region in which the resource is being used.

Identifier: Shows the service together with its trail name.

Log Group Name: Shows the name of the CloudWatch Logs log group associated with the trail.

Metric Filter Name: Shows the name that you have given to the metric filter.

Alarm Name: Shows the name that you have assigned to the alarm.

SNS Topic Name: Shows the name of the Amazon Simple Notification Service (SNS) topic, that is, the group of subscribers who receive the alert message.

Custom Severity Description: Shows the severity of your metric filter along with its custom description.

Filters Applicable:

Account Id: Applying the Account Id filter displays all results for the selected account ID.

Region: Applying the Region filter displays all results corresponding to the selected region.

Severity: Applying the Severity filter displays results according to the selected severity type, i.e. selecting Critical displays all results with Critical severity. The same applies to the Warning and Ok severity types.

Resource Tags: Applying the Resource Tags filter displays those results which have been assigned the selected resource tag. For example, if a user has tagged some resources with a resource tag named environment, then selecting environment from the Resource Tags filter displays all of those resources.

Resource Tags Value: Applying the Resource Tags Value filter displays data which has the selected resource tag value. For example, say a user has tagged some resources with a tag named environment and a value of production (environment: production). The user can then view data for all the resources which are tagged as "environment:production". The tag value filter can only be used once a tag name has been provided.

Compliance: Applying the Compliance filter lets you further refine your security and health checks.
