aws_accessanalyzer_analyzeraws_accessanalyzer_findingaws_accountaws_account_alternate_contactaws_account_contactaws_acm_certificateaws_acmpca_certificate_authorityaws_amplify_appaws_api_gateway_api_keyaws_api_gateway_authorizeraws_api_gateway_domain_nameaws_api_gateway_methodaws_api_gateway_rest_apiaws_api_gateway_stageaws_api_gateway_usage_planaws_api_gatewayv2_apiaws_api_gatewayv2_domain_nameaws_api_gatewayv2_integrationaws_api_gatewayv2_routeaws_api_gatewayv2_stageaws_app_runner_serviceaws_appautoscaling_policyaws_appautoscaling_targetaws_appconfig_applicationaws_appstream_fleetaws_appstream_imageaws_appsync_graphql_apiaws_athena_query_executionaws_athena_workgroupaws_auditmanager_assessmentaws_auditmanager_controlaws_auditmanager_evidenceaws_auditmanager_evidence_folderaws_auditmanager_frameworkaws_availability_zoneaws_backup_frameworkaws_backup_jobaws_backup_legal_holdaws_backup_planaws_backup_protected_resourceaws_backup_recovery_pointaws_backup_report_planaws_backup_selectionaws_backup_vaultaws_cloudcontrol_resourceaws_cloudformation_stackaws_cloudformation_stack_resourceaws_cloudformation_stack_setaws_cloudfront_cache_policyaws_cloudfront_distributionaws_cloudfront_functionaws_cloudfront_origin_access_identityaws_cloudfront_origin_request_policyaws_cloudfront_response_headers_policyaws_cloudsearch_domainaws_cloudtrail_channelaws_cloudtrail_event_data_storeaws_cloudtrail_importaws_cloudtrail_lookup_eventaws_cloudtrail_queryaws_cloudtrail_trailaws_cloudtrail_trail_eventaws_cloudwatch_alarmaws_cloudwatch_log_eventaws_cloudwatch_log_groupaws_cloudwatch_log_metric_filteraws_cloudwatch_log_resource_policyaws_cloudwatch_log_streamaws_cloudwatch_log_subscription_filteraws_cloudwatch_metricaws_cloudwatch_metric_data_pointaws_cloudwatch_metric_statistic_data_pointaws_codeartifact_domainaws_codeartifact_repositoryaws_codebuild_buildaws_codebuild_projectaws_codebuild_source_credentialaws_codecommit_repositoryaws_codedeploy_appaws_codedeploy_deployment_configaws_codedeploy_deployment_groupaws_codepipeline_pipelineaws_codestar_notification_ruleaws_cognito_identity_poolaws_cognito_identity_provideraws_cognito_user_poolaws_config_aggregate_authorizationaws_config_configuration_recorderaws_config_conformance_packaws_config_retention_configurationaws_config_ruleaws_cost_by_account_dailyaws_cost_by_account_monthlyaws_cost_by_record_type_dailyaws_cost_by_record_type_monthlyaws_cost_by_service_dailyaws_cost_by_service_monthlyaws_cost_by_service_usage_type_dailyaws_cost_by_service_usage_type_monthlyaws_cost_by_tagaws_cost_forecast_dailyaws_cost_forecast_monthlyaws_cost_usageaws_dax_clusteraws_dax_parameteraws_dax_parameter_groupaws_dax_subnet_groupaws_directory_service_certificateaws_directory_service_directoryaws_directory_service_log_subscriptionaws_directory_servicelog_subscriptionaws_dlm_lifecycle_policyaws_dms_certificateaws_dms_endpointaws_dms_replication_instanceaws_dms_replication_taskaws_docdb_clusteraws_docdb_cluster_instanceaws_docdb_cluster_snapshotaws_drs_jobaws_drs_recovery_instanceaws_drs_recovery_snapshotaws_drs_source_serveraws_dynamodb_backupaws_dynamodb_global_tableaws_dynamodb_metric_account_provisioned_read_capacity_utilaws_dynamodb_metric_account_provisioned_write_capacity_utilaws_dynamodb_tableaws_dynamodb_table_exportaws_ebs_snapshotaws_ebs_volumeaws_ebs_volume_metric_read_opsaws_ebs_volume_metric_read_ops_dailyaws_ebs_volume_metric_read_ops_hourlyaws_ebs_volume_metric_write_opsaws_ebs_volume_metric_write_ops_dailyaws_ebs_volume_metric_write_ops_hourlyaws_ec2_amiaws_ec2_ami_sharedaws_ec2_application_load_balanceraws_ec2_application_load_balancer_metric_request_countaws_ec2_application_load_balancer_metric_request_count_dailyaws_ec2_autoscaling_groupaws_ec2_capacity_reservationaws_ec2_classic_load_balanceraws_ec2_client_vpn_endpointaws_ec2_gateway_load_balanceraws_ec2_instanceaws_ec2_instance_availabilityaws_ec2_instance_metric_cpu_utilizationaws_ec2_instance_metric_cpu_utilization_dailyaws_ec2_instance_metric_cpu_utilization_hourlyaws_ec2_instance_typeaws_ec2_key_pairaws_ec2_launch_configurationaws_ec2_launch_templateaws_ec2_launch_template_versionaws_ec2_load_balancer_listeneraws_ec2_load_balancer_listener_ruleaws_ec2_managed_prefix_listaws_ec2_managed_prefix_list_entryaws_ec2_network_interfaceaws_ec2_network_load_balanceraws_ec2_network_load_balancer_metric_net_flow_countaws_ec2_network_load_balancer_metric_net_flow_count_dailyaws_ec2_regional_settingsaws_ec2_reserved_instanceaws_ec2_spot_priceaws_ec2_ssl_policyaws_ec2_target_groupaws_ec2_transit_gatewayaws_ec2_transit_gateway_routeaws_ec2_transit_gateway_route_tableaws_ec2_transit_gateway_vpc_attachmentaws_ecr_imageaws_ecr_image_scan_findingaws_ecr_registry_scanning_configurationaws_ecr_repositoryaws_ecrpublic_repositoryaws_ecs_clusteraws_ecs_cluster_metric_cpu_utilizationaws_ecs_cluster_metric_cpu_utilization_dailyaws_ecs_cluster_metric_cpu_utilization_hourlyaws_ecs_container_instanceaws_ecs_serviceaws_ecs_taskaws_ecs_task_definitionaws_efs_access_pointaws_efs_file_systemaws_efs_mount_targetaws_eks_addonaws_eks_addon_versionaws_eks_clusteraws_eks_fargate_profileaws_eks_identity_provider_configaws_eks_node_groupaws_elastic_beanstalk_applicationaws_elastic_beanstalk_application_versionaws_elastic_beanstalk_environmentaws_elasticache_clusteraws_elasticache_parameter_groupaws_elasticache_redis_metric_cache_hits_hourlyaws_elasticache_redis_metric_curr_connections_hourlyaws_elasticache_redis_metric_engine_cpu_utilization_dailyaws_elasticache_redis_metric_engine_cpu_utilization_hourlyaws_elasticache_redis_metric_get_type_cmds_hourlyaws_elasticache_redis_metric_list_based_cmds_hourlyaws_elasticache_redis_metric_new_connections_hourlyaws_elasticache_replication_groupaws_elasticache_reserved_cache_nodeaws_elasticache_subnet_groupaws_elasticsearch_domainaws_emr_block_public_access_configurationaws_emr_clusteraws_emr_cluster_metric_is_idleaws_emr_instanceaws_emr_instance_fleetaws_emr_instance_groupaws_emr_security_configurationaws_eventbridge_busaws_eventbridge_ruleaws_fms_app_listaws_fms_policyaws_fsx_file_systemaws_glacier_vaultaws_globalaccelerator_acceleratoraws_globalaccelerator_endpoint_groupaws_globalaccelerator_listeneraws_glue_catalog_databaseaws_glue_catalog_tableaws_glue_connectionaws_glue_crawleraws_glue_data_catalog_encryption_settingsaws_glue_data_quality_rulesetaws_glue_dev_endpointaws_glue_jobaws_glue_security_configurationaws_guardduty_detectoraws_guardduty_filteraws_guardduty_findingaws_guardduty_ipsetaws_guardduty_memberaws_guardduty_publishing_destinationaws_guardduty_threat_intel_setaws_health_affected_entityaws_health_eventaws_iam_access_advisoraws_iam_access_keyaws_iam_account_password_policyaws_iam_account_summaryaws_iam_actionaws_iam_credential_reportaws_iam_groupaws_iam_open_id_connect_provideraws_iam_policyaws_iam_policy_attachmentaws_iam_policy_simulatoraws_iam_roleaws_iam_saml_provideraws_iam_server_certificateaws_iam_service_specific_credentialaws_iam_useraws_iam_virtual_mfa_deviceaws_identitystore_groupaws_identitystore_group_membershipaws_identitystore_useraws_inspector2_coverageaws_inspector2_coverage_statisticsaws_inspector2_findingaws_inspector2_memberaws_inspector_assessment_runaws_inspector_assessment_targetaws_inspector_assessment_templateaws_inspector_exclusionaws_inspector_findingaws_iot_fleet_metricaws_iot_thingaws_iot_thing_groupaws_iot_thing_typeaws_kinesis_consumeraws_kinesis_firehose_delivery_streamaws_kinesis_streamaws_kinesis_video_streamaws_kinesisanalyticsv2_applicationaws_kms_aliasaws_kms_keyaws_kms_key_rotationaws_lambda_aliasaws_lambda_event_source_mappingaws_lambda_functionaws_lambda_function_metric_duration_dailyaws_lambda_function_metric_errors_dailyaws_lambda_function_metric_invocations_dailyaws_lambda_layeraws_lambda_layer_versionaws_lambda_versionaws_lightsail_bucketaws_lightsail_instanceaws_macie2_classification_jobaws_media_store_containeraws_memorydb_clusteraws_mgn_applicationaws_mq_brokeraws_msk_clusteraws_msk_serverless_clusteraws_neptune_db_clusteraws_neptune_db_cluster_snapshotaws_networkfirewall_firewallaws_networkfirewall_firewall_policyaws_networkfirewall_rule_groupaws_oam_linkaws_oam_sinkaws_opensearch_domainaws_organizations_accountaws_organizations_organizational_unitaws_organizations_policyaws_organizations_policy_targetaws_organizations_rootaws_pinpoint_appaws_pipes_pipeaws_pricing_productaws_pricing_service_attributeaws_ram_principal_associationaws_ram_resource_associationaws_rds_db_clusteraws_rds_db_cluster_parameter_groupaws_rds_db_cluster_snapshotaws_rds_db_engine_versionaws_rds_db_event_subscriptionaws_rds_db_instanceaws_rds_db_instance_automated_backupaws_rds_db_instance_metric_connectionsaws_rds_db_instance_metric_connections_dailyaws_rds_db_instance_metric_connections_hourlyaws_rds_db_instance_metric_cpu_utilizationaws_rds_db_instance_metric_cpu_utilization_dailyaws_rds_db_instance_metric_cpu_utilization_hourlyaws_rds_db_instance_metric_read_iopsaws_rds_db_instance_metric_read_iops_dailyaws_rds_db_instance_metric_read_iops_hourlyaws_rds_db_instance_metric_write_iopsaws_rds_db_instance_metric_write_iops_dailyaws_rds_db_instance_metric_write_iops_hourlyaws_rds_db_option_groupaws_rds_db_parameter_groupaws_rds_db_proxyaws_rds_db_recommendationaws_rds_db_snapshotaws_rds_db_subnet_groupaws_rds_reserved_db_instanceaws_redshift_clusteraws_redshift_cluster_metric_cpu_utilization_dailyaws_redshift_event_subscriptionaws_redshift_parameter_groupaws_redshift_snapshotaws_redshift_subnet_groupaws_redshiftserverless_namespaceaws_redshiftserverless_workgroupaws_regionaws_resource_explorer_indexaws_resource_explorer_searchaws_resource_explorer_supported_resource_typeaws_route53_domainaws_route53_health_checkaws_route53_query_logaws_route53_recordaws_route53_resolver_endpointaws_route53_resolver_query_log_configaws_route53_resolver_ruleaws_route53_traffic_policyaws_route53_traffic_policy_instanceaws_route53_vpc_association_authorizationaws_route53_zoneaws_s3_access_pointaws_s3_account_settingsaws_s3_bucketaws_s3_bucket_intelligent_tiering_configurationaws_s3_multi_region_access_pointaws_s3_objectaws_s3_object_versionaws_sagemaker_appaws_sagemaker_domainaws_sagemaker_endpoint_configurationaws_sagemaker_modelaws_sagemaker_notebook_instanceaws_sagemaker_training_jobaws_secretsmanager_secretaws_securityhub_action_targetaws_securityhub_enabled_product_subscriptionaws_securityhub_findingaws_securityhub_finding_aggregatoraws_securityhub_hubaws_securityhub_insightaws_securityhub_memberaws_securityhub_productaws_securityhub_standards_controlaws_securityhub_standards_subscriptionaws_securitylake_data_lakeaws_securitylake_subscriberaws_serverlessapplicationrepository_applicationaws_service_discovery_instanceaws_service_discovery_namespaceaws_service_discovery_serviceaws_servicecatalog_portfolioaws_servicecatalog_productaws_servicecatalog_provisioned_productaws_servicequotas_default_service_quotaaws_servicequotas_serviceaws_servicequotas_service_quotaaws_servicequotas_service_quota_change_requestaws_ses_domain_identityaws_ses_email_identityaws_sfn_state_machineaws_sfn_state_machine_executionaws_sfn_state_machine_execution_historyaws_simspaceweaver_simulationaws_sns_subscriptionaws_sns_topicaws_sns_topic_subscriptionaws_sqs_queueaws_ssm_associationaws_ssm_documentaws_ssm_document_permissionaws_ssm_inventoryaws_ssm_inventory_entryaws_ssm_maintenance_windowaws_ssm_managed_instanceaws_ssm_managed_instance_complianceaws_ssm_managed_instance_patch_stateaws_ssm_parameteraws_ssm_patch_baselineaws_ssmincidents_response_planaws_ssoadmin_account_assignmentaws_ssoadmin_instanceaws_ssoadmin_managed_policy_attachmentaws_ssoadmin_permission_setaws_sts_caller_identityaws_tagging_resourceaws_timestreamwrite_databaseaws_timestreamwrite_tableaws_transfer_serveraws_transfer_useraws_trusted_advisor_check_summaryaws_vpcaws_vpc_customer_gatewayaws_vpc_dhcp_optionsaws_vpc_egress_only_internet_gatewayaws_vpc_eipaws_vpc_eip_address_transferaws_vpc_endpointaws_vpc_endpoint_serviceaws_vpc_flow_logaws_vpc_flow_log_eventaws_vpc_internet_gatewayaws_vpc_nat_gatewayaws_vpc_nat_gateway_metric_bytes_out_to_destinationaws_vpc_network_aclaws_vpc_peering_connectionaws_vpc_routeaws_vpc_route_tableaws_vpc_security_groupaws_vpc_security_group_ruleaws_vpc_subnetaws_vpc_verified_access_endpointaws_vpc_verified_access_groupaws_vpc_verified_access_instanceaws_vpc_verified_access_trust_provideraws_vpc_vpn_connectionaws_vpc_vpn_gatewayaws_waf_rate_based_ruleaws_waf_ruleaws_waf_rule_groupaws_waf_web_aclaws_wafregional_ruleaws_wafregional_rule_groupaws_wafregional_web_aclaws_wafv2_ip_setaws_wafv2_regex_pattern_setaws_wafv2_rule_groupaws_wafv2_web_aclaws_wellarchitected_answeraws_wellarchitected_check_detailaws_wellarchitected_check_summaryaws_wellarchitected_consolidated_reportaws_wellarchitected_lensaws_wellarchitected_lens_reviewaws_wellarchitected_lens_review_improvementaws_wellarchitected_lens_review_reportaws_wellarchitected_lens_shareaws_wellarchitected_milestoneaws_wellarchitected_notificationaws_wellarchitected_share_invitationaws_wellarchitected_workloadaws_wellarchitected_workload_shareaws_workspaces_directoryaws_workspaces_workspace
Table: aws_cloudwatch_alarm - Query AWS CloudWatch Alarms using SQL
The AWS CloudWatch Alarms is a feature of Amazon CloudWatch, a monitoring service for AWS resources and applications. CloudWatch Alarms allow you to monitor Amazon Web Services resources and trigger actions when changes in data points meet certain defined thresholds. They help you react quickly to issues that may affect your applications or infrastructure, thereby enhancing your ability to keep applications running smoothly.
Table Usage Guide
The aws_cloudwatch_alarm table in Steampipe provides you with information about alarms within AWS CloudWatch. This table allows you, as a DevOps engineer, to query alarm-specific details, including its current state, configuration, and actions associated with each alarm. You can utilize this table to gather insights on alarms, such as alarms in a particular state, alarms associated with specific AWS resources, and understanding the actions that will be triggered when an alarm state changes. The schema outlines the various attributes of the CloudWatch alarm for you, including the alarm name, alarm description, metric name, comparison operator, and associated tags.
Examples
Basic info
Explore the status and configurations of your CloudWatch alarms to understand their current operational state and the conditions that trigger them. This can help you monitor the health and performance of your AWS resources more effectively.
select name, state_value, metric_name, actions_enabled, comparison_operator, namespace, statisticfrom aws_cloudwatch_alarm;select name, state_value, metric_name, actions_enabled, comparison_operator, namespace, statisticfrom aws_cloudwatch_alarm;List alarms in alarm state
Discover the segments that are currently in an alarm state. This is useful to quickly identify and address any issues within your cloud infrastructure.
select name, arn, state_value, state_reasonfrom aws_cloudwatch_alarmwhere state_value = 'ALARM';select name, arn, state_value, state_reasonfrom aws_cloudwatch_alarmwhere state_value = 'ALARM';List alarms with alarm actions enabled
Identify instances where alarms have been activated with specific actions in the AWS CloudWatch service. This can be useful in understanding the active monitoring and alerting mechanisms in place for system events.
select arn, actions_enabled, alarm_actionsfrom aws_cloudwatch_alarmwhere actions_enabled;select arn, actions_enabled, alarm_actionsfrom aws_cloudwatch_alarmwhere actions_enabled = 1;Get the metric attached to each alarm based on a single metric
Discover the segments that have alarms set based on specific metrics within the AWS Cloudwatch service. This is particularly useful for monitoring and managing application performance, resource utilization, and operational health.
select name, metric_name, namespace, period, statistic, dimensionsfrom aws_cloudwatch_alarmwhere metric_name is not null;select name, metric_name, namespace, period, statistic, dimensionsfrom aws_cloudwatch_alarmwhere metric_name is not null;Get metrics attached to each alarm based on a metric math expression
Identify the metrics associated with each alarm based on mathematical expressions. This can help in understanding the performance of various elements and aid in proactive monitoring and troubleshooting.
select name, metric ->> 'Id' as metric_id, metric ->> 'Expression' as metric_expression, metric -> 'MetricStat' -> 'Metric' ->> 'MetricName' as metric_name, metric -> 'MetricStat' -> 'Metric' ->> 'Namespace' as metric_namespace, metric -> 'MetricStat' -> 'Metric' ->> 'Dimensions' as metric_dimensions, metric ->> 'ReturnData' as metric_return_datafrom aws_cloudwatch_alarm, jsonb_array_elements(metrics) as metric;select name, json_extract(metric, '$.Id') as metric_id, json_extract(metric, '$.Expression') as metric_expression, json_extract(metric, '$.MetricStat.Metric.MetricName') as metric_name, json_extract(metric, '$.MetricStat.Metric.Namespace') as metric_namespace, json_extract(metric, '$.MetricStat.Metric.Dimensions') as metric_dimensions, json_extract(metric, '$.ReturnData') as metric_return_datafrom aws_cloudwatch_alarm, json_each(metrics) as metric;Control examples
- All Controls > CloudWatch > Ensure AWS Organizations changes are monitored
- CIS v1.2.0 > 3 Monitoring > 3.1 Ensure a log metric filter and alarm exist for unauthorized API calls
- CIS v1.2.0 > 3 Monitoring > 3.10 Ensure a log metric filter and alarm exist for security group changes
- CIS v1.2.0 > 3 Monitoring > 3.11 Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL)
- CIS v1.2.0 > 3 Monitoring > 3.12 Ensure a log metric filter and alarm exist for changes to network gateways
- CIS v1.2.0 > 3 Monitoring > 3.13 Ensure a log metric filter and alarm exist for route table changes
- CIS v1.2.0 > 3 Monitoring > 3.14 Ensure a log metric filter and alarm exist for VPC changes
- CIS v1.2.0 > 3 Monitoring > 3.2 Ensure a log metric filter and alarm exist for Management Console sign-in without MFA
- CIS v1.2.0 > 3 Monitoring > 3.3 Ensure a log metric filter and alarm exist for usage of "root" account
- CIS v1.2.0 > 3 Monitoring > 3.4 Ensure a log metric filter and alarm exist for IAM policy changes
- CIS v1.2.0 > 3 Monitoring > 3.5 Ensure a log metric filter and alarm exist for CloudTrail configuration changes
- CIS v1.2.0 > 3 Monitoring > 3.6 Ensure a log metric filter and alarm exist for AWS Management Console authentication failures
- CIS v1.2.0 > 3 Monitoring > 3.7 Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs
- CIS v1.2.0 > 3 Monitoring > 3.8 Ensure a log metric filter and alarm exist for S3 bucket policy changes
- CIS v1.2.0 > 3 Monitoring > 3.9 Ensure a log metric filter and alarm exist for AWS Config configuration changes
- CIS v1.3.0 > 4 Monitoring > 4.1 Ensure a log metric filter and alarm exist for unauthorized API calls
- CIS v1.3.0 > 4 Monitoring > 4.10 Ensure a log metric filter and alarm exist for security group changes
- CIS v1.3.0 > 4 Monitoring > 4.11 Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL)
- CIS v1.3.0 > 4 Monitoring > 4.12 Ensure a log metric filter and alarm exist for changes to network gateways
- CIS v1.3.0 > 4 Monitoring > 4.13 Ensure a log metric filter and alarm exist for route table changes
- CIS v1.3.0 > 4 Monitoring > 4.14 Ensure a log metric filter and alarm exist for VPC changes
- CIS v1.3.0 > 4 Monitoring > 4.15 Ensure a log metric filter and alarm exists for AWS Organizations changes
- CIS v1.3.0 > 4 Monitoring > 4.2 Ensure a log metric filter and alarm exist for Management Console sign-in without MFA
- CIS v1.3.0 > 4 Monitoring > 4.3 Ensure a log metric filter and alarm exist for usage of "root" account
- CIS v1.3.0 > 4 Monitoring > 4.4 Ensure a log metric filter and alarm exist for IAM policy changes
- CIS v1.3.0 > 4 Monitoring > 4.5 Ensure a log metric filter and alarm exist for CloudTrail configuration changes
- CIS v1.3.0 > 4 Monitoring > 4.6 Ensure a log metric filter and alarm exist for AWS Management Console authentication failures
- CIS v1.3.0 > 4 Monitoring > 4.7 Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs
- CIS v1.3.0 > 4 Monitoring > 4.8 Ensure a log metric filter and alarm exist for S3 bucket policy changes
- CIS v1.3.0 > 4 Monitoring > 4.9 Ensure a log metric filter and alarm exist for AWS Config configuration changes
- CIS v1.4.0 > 4 Monitoring > 4.1 Ensure a log metric filter and alarm exist for unauthorized API calls
- CIS v1.4.0 > 4 Monitoring > 4.10 Ensure a log metric filter and alarm exist for security group changes
- CIS v1.4.0 > 4 Monitoring > 4.11 Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL)
- CIS v1.4.0 > 4 Monitoring > 4.12 Ensure a log metric filter and alarm exist for changes to network gateways
- CIS v1.4.0 > 4 Monitoring > 4.13 Ensure a log metric filter and alarm exist for route table changes
- CIS v1.4.0 > 4 Monitoring > 4.14 Ensure a log metric filter and alarm exist for VPC changes
- CIS v1.4.0 > 4 Monitoring > 4.15 Ensure a log metric filter and alarm exists for AWS Organizations changes
- CIS v1.4.0 > 4 Monitoring > 4.2 Ensure a log metric filter and alarm exist for Management Console sign-in without MFA
- CIS v1.4.0 > 4 Monitoring > 4.3 Ensure a log metric filter and alarm exist for usage of 'root' account
- CIS v1.4.0 > 4 Monitoring > 4.4 Ensure a log metric filter and alarm exist for IAM policy changes
- CIS v1.4.0 > 4 Monitoring > 4.5 Ensure a log metric filter and alarm exist for CloudTrail configuration changes
- CIS v1.4.0 > 4 Monitoring > 4.6 Ensure a log metric filter and alarm exist for AWS Management Console authentication failures
- CIS v1.4.0 > 4 Monitoring > 4.7 Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs
- CIS v1.4.0 > 4 Monitoring > 4.8 Ensure a log metric filter and alarm exist for S3 bucket policy changes
- CIS v1.4.0 > 4 Monitoring > 4.9 Ensure a log metric filter and alarm exist for AWS Config configuration changes
- CIS v1.5.0 > 4 Monitoring > 4.1 Ensure a log metric filter and alarm exist for unauthorized API calls
- CIS v1.5.0 > 4 Monitoring > 4.10 Ensure a log metric filter and alarm exist for security group changes
- CIS v1.5.0 > 4 Monitoring > 4.11 Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL)
- CIS v1.5.0 > 4 Monitoring > 4.12 Ensure a log metric filter and alarm exist for changes to network gateways
- CIS v1.5.0 > 4 Monitoring > 4.13 Ensure a log metric filter and alarm exist for route table changes
- CIS v1.5.0 > 4 Monitoring > 4.14 Ensure a log metric filter and alarm exist for VPC changes
- CIS v1.5.0 > 4 Monitoring > 4.15 Ensure a log metric filter and alarm exists for AWS Organizations changes
- CIS v1.5.0 > 4 Monitoring > 4.2 Ensure a log metric filter and alarm exist for Management Console sign-in without MFA
- CIS v1.5.0 > 4 Monitoring > 4.3 Ensure a log metric filter and alarm exist for usage of 'root' account
- CIS v1.5.0 > 4 Monitoring > 4.4 Ensure a log metric filter and alarm exist for IAM policy changes
- CIS v1.5.0 > 4 Monitoring > 4.5 Ensure a log metric filter and alarm exist for CloudTrail configuration changes
- CIS v1.5.0 > 4 Monitoring > 4.6 Ensure a log metric filter and alarm exist for AWS Management Console authentication failures
- CIS v1.5.0 > 4 Monitoring > 4.7 Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs
- CIS v1.5.0 > 4 Monitoring > 4.8 Ensure a log metric filter and alarm exist for S3 bucket policy changes
- CIS v1.5.0 > 4 Monitoring > 4.9 Ensure a log metric filter and alarm exist for AWS Config configuration changes
- CIS v2.0.0 > 4 Monitoring > 4.1 Ensure unauthorized API calls are monitored
- CIS v2.0.0 > 4 Monitoring > 4.10 Ensure security group changes are monitored
- CIS v2.0.0 > 4 Monitoring > 4.11 Ensure Network Access Control Lists (NACL) changes are monitored
- CIS v2.0.0 > 4 Monitoring > 4.12 Ensure changes to network gateways are monitored
- CIS v2.0.0 > 4 Monitoring > 4.13 Ensure route table changes are monitored
- CIS v2.0.0 > 4 Monitoring > 4.14 Ensure VPC changes are monitored
- CIS v2.0.0 > 4 Monitoring > 4.15 Ensure AWS Organizations changes are monitored
- CIS v2.0.0 > 4 Monitoring > 4.2 Ensure management console sign-in without MFA is monitored
- CIS v2.0.0 > 4 Monitoring > 4.3 Ensure usage of 'root' account is monitored
- CIS v2.0.0 > 4 Monitoring > 4.4 Ensure IAM policy changes are monitored
- CIS v2.0.0 > 4 Monitoring > 4.5 Ensure CloudTrail configuration changes are monitored
- CIS v2.0.0 > 4 Monitoring > 4.6 Ensure AWS Management Console authentication failures are monitored
- CIS v2.0.0 > 4 Monitoring > 4.7 Ensure disabling or scheduled deletion of customer created CMKs is monitored
- CIS v2.0.0 > 4 Monitoring > 4.8 Ensure S3 bucket policy changes are monitored
- CIS v2.0.0 > 4 Monitoring > 4.9 Ensure AWS Config configuration changes are monitored
- CIS v3.0.0 > 4 Monitoring > 4.1 Ensure unauthorized API calls are monitored
- CIS v3.0.0 > 4 Monitoring > 4.10 Ensure security group changes are monitored
- CIS v3.0.0 > 4 Monitoring > 4.11 Ensure Network Access Control Lists (NACL) changes are monitored
- CIS v3.0.0 > 4 Monitoring > 4.12 Ensure changes to network gateways are monitored
- CIS v3.0.0 > 4 Monitoring > 4.13 Ensure route table changes are monitored
- CIS v3.0.0 > 4 Monitoring > 4.14 Ensure VPC changes are monitored
- CIS v3.0.0 > 4 Monitoring > 4.15 Ensure AWS Organizations changes are monitored
- CIS v3.0.0 > 4 Monitoring > 4.2 Ensure management console sign-in without MFA is monitored
- CIS v3.0.0 > 4 Monitoring > 4.3 Ensure usage of 'root' account is monitored
- CIS v3.0.0 > 4 Monitoring > 4.4 Ensure IAM policy changes are monitored
- CIS v3.0.0 > 4 Monitoring > 4.5 Ensure CloudTrail configuration changes are monitored
- CIS v3.0.0 > 4 Monitoring > 4.6 Ensure AWS Management Console authentication failures are monitored
- CIS v3.0.0 > 4 Monitoring > 4.7 Ensure disabling or scheduled deletion of customer created CMKs is monitored
- CIS v3.0.0 > 4 Monitoring > 4.8 Ensure S3 bucket policy changes are monitored
- CIS v3.0.0 > 4 Monitoring > 4.9 Ensure AWS Config configuration changes are monitored
- CloudWatch alarm action should be enabled
- CloudWatch alarm should have an action configured
- Ensure a log metric filter and alarm exist for AWS Config configuration changes
- Ensure a log metric filter and alarm exist for AWS Management Console authentication failures
- Ensure a log metric filter and alarm exist for AWS Management Console sign-in without MFA
- Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL)
- Ensure a log metric filter and alarm exist for changes to network gateways
- Ensure a log metric filter and alarm exist for CloudTrail configuration changes
- Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer managed keys
- Ensure a log metric filter and alarm exist for IAM policy changes
- Ensure a log metric filter and alarm exist for route table changes
- Ensure a log metric filter and alarm exist for S3 bucket policy changes
- Ensure a log metric filter and alarm exist for security group changes
- Ensure a log metric filter and alarm exist for unauthorized API calls
- Ensure a log metric filter and alarm exist for usage of 'root' account
- Ensure a log metric filter and alarm exist for VPC changes
Schema for aws_cloudwatch_alarm
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form. | |
| account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
| actions_enabled | boolean | Indicates whether actions should be executed during any changes to the alarm state. | |
| akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. | |
| alarm_actions | jsonb | The actions to execute when this alarm transitions to the ALARM state from any other state. Each action is specified as an Amazon Resource Name (ARN). | |
| alarm_configuration_updated_timestamp | timestamp with time zone | The time stamp of the last update to the alarm configuration. | |
| alarm_description | text | The description of the alarm. | |
| arn | text | The Amazon Resource Name (ARN) of the alarm. | |
| comparison_operator | text | The arithmetic operation to use when comparing the specified statistic and threshold. The specified statistic value is used as the first operand. | |
| datapoints_to_alarm | bigint | The number of data points that must be breaching to trigger the alarm. | |
| dimensions | jsonb | The dimensions for the metric associated with the alarm. | |
| evaluate_low_sample_count_percentile | text | Used only for alarms based on percentiles. | |
| evaluation_periods | bigint | The number of periods over which data is compared to the specified threshold. | |
| evaluation_state | text | If the value of this field is PARTIAL_DATA , the alarm is being evaluated based on only partial data. This happens if the query used for the alarm returns more than 10,000 metrics. | |
| extended_statistic | text | The percentile statistic for the metric associated with the alarm. Specify a value between p0.0 and p100. | |
| insufficient_data_actions | jsonb | The actions to execute when this alarm transitions to the INSUFFICIENT_DATA state from any other state. Each action is specified as an Amazon Resource Name (ARN). | |
| metric_name | text | The name of the metric associated with the alarm, if this is an alarm based on a single metric. | |
| metrics | jsonb | An array of MetricDataQuery structures, used in an alarm based on a metric math expression. | |
| name | text | = | The name of the alarm. |
| namespace | text | The namespace of the metric associated with the alarm. | |
| ok_actions | jsonb | The actions to execute when this alarm transitions to the OK state from any other state. Each action is specified as an Amazon Resource Name (ARN). | |
| partition | text | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). | |
| period | bigint | The period, in seconds, over which the statistic is applied. | |
| region | text | The AWS Region in which the resource is located. | |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | Steampipe context in JSON form. | |
| state_reason | text | An explanation for the alarm state, in text format. | |
| state_reason_data | text | An explanation for the alarm state, in JSON format. | |
| state_transitioned_timestamp | timestamp with time zone | The date and time that the alarm's StateValue most recently changed. | |
| state_updated_timestamp | timestamp with time zone | The time stamp of the last update to the alarm state. | |
| state_value | text | = | The state value for the alarm. |
| statistic | text | The statistic for the metric associated with the alarm, other than percentile. | |
| tags | jsonb | A map of tags for the resource. | |
| tags_src | jsonb | The list of tag keys and values associated with alarm. | |
| threshold | double precision | The value to compare with the specified statistic. | |
| threshold_metric_id | text | In an alarm based on an anomaly detection model, this is the ID of the ANOMALY_DETECTION_BAND function used as the threshold for the alarm. | |
| title | text | Title of the resource. | |
| treat_missing_data | text | Sets how this alarm is to handle missing data points. If this parameter is omitted, the default behavior of missing is used. | |
| unit | text | The unit of the metric associated with the alarm. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- awsYou can pass the configuration to the command with the --config argument:
steampipe_export_aws --config '<your_config>' aws_cloudwatch_alarm