Policy: AWS > CIS v1 > 3 Monitoring
Covers recommendations addressing Monitoring.
Resource Types
This policy targets the following resource types:
Primary Policy
This policy is used with the following primary policy:
Related Policies
- 3.01 Ensure a log metric filter and alarm exist for unauthorized API calls (Scored)
- 3.02 Ensure a log metric filter and alarm exist for Management Console sign-in without MFA (Scored)
- 3.03 Ensure a log metric filter and alarm exist for usage of "root" account (Scored)
- 3.04 Ensure a log metric filter and alarm exist for IAM policy changes (Scored)
- 3.05 Ensure a log metric filter and alarm exist for CloudTrail configuration changes (Scored)
- 3.06 Ensure a log metric filter and alarm exist for AWS Management Console authentication failures (Scored)
- 3.07 Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs (Scored)
- 3.08 Ensure a log metric filter and alarm exist for S3 bucket policy changes (Scored)
- 3.09 Ensure a log metric filter and alarm exist for AWS Config configuration changes (Scored)
- 3.10 Ensure a log metric filter and alarm exist for security group changes (Scored)
- 3.11 Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL) (Scored)
- 3.12 Ensure a log metric filter and alarm exist for changes to network gateways (Scored)
- 3.13 Ensure a log metric filter and alarm exist for route table changes (Scored)
- 3.14 Ensure a log metric filter and alarm exist for VPC changes (Scored)
Controls
Policy Specification
Schema Type | |
|---|---|
Default | |
Valid Values [YAML] |
|
Examples [YAML] |
|
Category
In Your Workspace
Developers
- tmod:@turbot/cis#/control/categories/cis
- tmod:@turbot/aws-cisv1#/policy/types/s03
- turbot graphql policy-type --id "tmod:@turbot/aws-cisv1#/policy/types/s03"
- turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/aws-cisv1#/policy/types/s03"
Get Policy TypeGet Policy Settings
Category URI
Policy Type URI
GraphQL
CLI