Loading controls...
Control: Ensure a log metric filter and alarm exist for AWS Config configuration changes
Description
You can do real-time monitoring of API calls by directing CloudTrail logs to CloudWatch Logs and establishing corresponding metric filters and alarms. Security Hub recommends that you create a metric filter and alarm for changes to AWS Config configuration settings. Monitoring these changes helps ensure sustained visibility of configuration items in the account
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.log_metric_filter_config_configurationSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run aws_compliance.control.log_metric_filter_config_configuration --shareSQL
This control uses a named query:
log_metric_filter_config_configuration