Route Table monitoring using CloudTrail and CloudWatch


A route table contains a set of rules that determine where network traffic is directed. These rules are called routes. In your Virtual Private Cloud (VPC), every subnet must be associated with a route table, because the routing of a subnet is controlled by that table.

You can associate multiple subnets with a single route table, but each subnet has only one route table.

Route table basics:

  1. Your VPC has an implicit router.
  2. Your Virtual Private Cloud comes with a main route table, which can be modified.
  3. You can create additional custom route tables for your VPC.
  4. You cannot delete the main route table, although you can replace it with a custom route table that you have already created.
  5. If you don't explicitly associate a route table with a subnet, the subnet is implicitly associated with the main route table.

Why do you need a metric filter and alarm for your route table?

The rules in a route table affect how exposed your Virtual Private Cloud is. Any intentional or unintentional change to those rules can make your VPC vulnerable to unknown threats, hacking or remote attacks.

For the protection and real-time monitoring of your VPC, you can create a CloudTrail trail that records changes to the route table and delivers its log to CloudWatch, where a metric filter and an alarm act on it. Whenever a configured rule of the route table changes, the alarm is triggered to notify you about the change.

To know more about CloudTrail integration in CloudWatch, read this insider piece.
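The route table change detection described above, as an added example that is not Centilytics or AWS code: it builds a CloudWatch Logs metric filter pattern and applies the same eventName match to CloudTrail records. The event list (EC2 API calls that modify route tables), the function names and the sample records are assumptions constructed for illustration.

```python
import json

# EC2 API calls that change a route table or its subnet association (assumed list).
ROUTE_TABLE_EVENTS = ("CreateRoute", "CreateRouteTable", "ReplaceRoute",
                      "ReplaceRouteTableAssociation", "DeleteRouteTable",
                      "DeleteRoute", "DisassociateRouteTable")

def filter_pattern(events=ROUTE_TABLE_EVENTS):
    """CloudWatch Logs JSON filter pattern matching any of the events."""
    return "{ " + " || ".join(f"($.eventName = {e})" for e in events) + " }"

def route_table_changes(log_lines):
    """Apply the same eventName match to CloudTrail records, one JSON per line."""
    hits = []
    for line in log_lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # not a CloudTrail record
        if not isinstance(rec, dict) or rec.get("eventName") not in ROUTE_TABLE_EVENTS:
            continue
        params = rec.get("requestParameters") or {}  # null on some records
        hits.append({
            "time": rec.get("eventTime"),
            "who": (rec.get("userIdentity") or {}).get("arn"),
            "event": rec["eventName"],
            "route_table": params.get("routeTableId"),
            "destination": params.get("destinationCidrBlock"),
            # Denied or failed calls still match and are worth reviewing.
            "error": rec.get("errorCode"),
        })
    return hits

def _rec(time, name, user, params=None, **extra):
    """Build one constructed CloudTrail-style record as a JSON line."""
    return json.dumps({"eventTime": time, "eventName": name,
                       "userIdentity": {"arn": f"arn:aws:iam::111122223333:user/{user}"},
                       "requestParameters": params, **extra})

# Constructed sample input, not real log data.
RTB = {"routeTableId": "rtb-0example", "destinationCidrBlock": "0.0.0.0/0"}
SAMPLE = [
    _rec("2024-05-01T09:00:00Z", "DescribeRouteTables", "alice"),
    _rec("2024-05-01T09:05:00Z", "ReplaceRoute", "bob", RTB),
    _rec("2024-05-01T09:07:00Z", "DeleteRoute", "carol", RTB, errorCode="Client.UnauthorizedOperation"),
    "not a JSON line",
]

if __name__ == "__main__":
    print(filter_pattern(), *route_table_changes(SAMPLE), sep="\n")
```

The read-only DescribeRouteTables call is ignored, while the denied DeleteRoute attempt still counts as a match, which is the behaviour you want from the alarm.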

Why is Centilytics necessary for the protection of your VPC?

Centilytics provides security insights as dedicated checks for every service, ensuring the overall protection of your infrastructure. It does the same for CloudTrail. In this way, you can monitor the trail of your route table changes.

It ensures that a trail is available for changes and registers every change without delay. Also, all the trails are delivered to CloudWatch on time to trigger an alarm, so that you won't miss any update.

Insight Description:

OK: CloudTrail has CloudWatch Logs log groups configured with a metric filter, an alarm, and an SNS topic with at least one subscriber.
Warning: For your CloudWatch alarms, either no SNS topic is created or no individual is present in the list of topic subscribers to receive the alerts.
Critical: Delivery to CloudWatch Logs is not configured.

Descriptions of the further columns are as follows:

Account Id: Shows the respective account ID of the user's account.

Account Name: Shows the account name corresponding to the user's account.

Region: Shows the region of your instance where it has been used.

Identifier: Shows you the service with its trail name.

Log Group Name: Represents the name of the group which has permission to use the service.

Metric Filter Name: Shows you the name that you have given to the metric filter.

Alarm Name: Shows you the name that you assigned to the alarm.

SNS Topic Name: SNS refers to the Simple Notification Service. The topic is the group of individuals who receive the alert message.

Custom Severity Description: Shows the severity of your metric filter and the custom description of its function.

Filters Applicable:

Account Id: Applying the account Id filter will display all the public snapshots for the selected account Id.

Region: Applying the region filter will display all the public snapshots corresponding to the selected region.

Severity: Applying the severity filter will display public snapshots according to the selected severity type, i.e. selecting critical will display all instances with critical severity. The same applies to the Warning and Ok severity types.

Resource Tags: Applying the resource tags filter will display those resources which have been assigned the selected resource tag. For example, a user has tagged some public snapshots with a resource tag named environment. Selecting environment from the resource tags filter will then display all the resources tagged with the tag name environment.

Resource Tags Value: Applying the resource tags value filter will display data which has the selected resource tag value. For example, say a user has tagged some resources with a tag named environment and a value of production (environment: production). The user can then view data for all the resources which have the "environment:production" tag assigned. The tag value filter can be used only when a tag name has been provided.

Compliance: Applying the compliance filter, you can further refine your security and health checks.
