aws_compliance

AWS Compliance

You can do real-time monitoring of API calls by directing CloudTrail logs to CloudWatch Logs and establishing corresponding metric filters and alarms. Security Hub recommends that you create a metric filter and alarm for changes to S3 bucket policies. Monitoring these changes might reduce time to detect and correct permissive policies on sensitive S3 buckets.

log_metric_filter_bucket_policy

nist_800_171_rev_2_3_12_1

3.12.1 Periodically assess the security controls in organizational systems to determine if the controls are effective in their application

nist_800_171_rev_2_3_12_3

3.12.3 Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls

nist_800_171_rev_2_3_12_4

3.12.4 Develop, document, and periodically update system security plans that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems

article_25

Article 25 Data protection by design and by default

all_controls_cloudwatch

CloudWatch

nist_csf_de_cm_2

DE.CM-2

nist_csf_id_ra_1

ID.RA-1

nist_csf_id_ra_5

ID.RA-5

nist_csf_id_sc_4

ID.SC-4

Ensure a log metric filter and alarm exist for S3 bucket policy changes

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, FFIEC, PCI, NIST, HIPAA, RBI CSF, GDPR, SOC 2, Audit Manager Control Tower, FedRAMP, GxP and AWS Foundational Security Best Practices controls across all your AWS accounts using Powerpipe and Steampipe.

Apache License 2.0

steampipe-mod-aws-compliance

Control: Ensure a log metric filter and alarm exist for S3 bucket policy changes

Description

Usage

SQL

Tags