Ensure accounts have properly configured monitoring and alerting (e.g. CloudTrail). This Op is unnecessary if you are using the centralized monitoring configuration.
CloudTrail, Config, CloudWatch, GuardDuty, S3
This Op properly configures a recommended baseline monitoring and alerting infrastructure for AWS accounts. This is the local account version that does not centralize logs and alerts. Use the *Integrate with central monitoring* Op if you want the account linked into the DisruptOPS centralized infrastructure. This Op enables CloudTrail in all regions, saves the logs to a new (local) S3 bucket, streams the activity to CloudWatch, and enables Config and GuardDuty. It can optionally run the *Implement local account security alerts* Op. It then monitors the account to maintain the configuration over time.
Supported Issue Types:
- Account is not configured with recommended monitoring and alerting configuration
- Monitoring and alerting exists but does not match required configuration
- CloudTrail/Config/CloudWatch/GuardDuty is not configured correctly and should be repaired
- Implement local monitoring and alerting configuration
- Repair non-compliant monitoring and alerting configuration
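The check behind the issue types above can be sketched as follows. This is an added example, not DisruptOps code: it audits a constructed account snapshot against the baseline the Op description lists. The snapshot layout, the function names, and checking Config and GuardDuty per region are assumptions; the field names inside it follow the AWS API responses for `describe_trails`, `get_trail_status`, `describe_configuration_recorder_status` and `get_detector`.

```python
def trail_problems(trail):
    """List the ways one trail falls short of the baseline (empty = compliant)."""
    problems = []
    if not trail.get("IsMultiRegionTrail"):
        problems.append("not multi-region")
    if not trail.get("IsLogging"):  # merged in from get_trail_status (assumption)
        problems.append("logging stopped")
    if not trail.get("S3BucketName"):
        problems.append("no S3 bucket")
    if not trail.get("CloudWatchLogsLogGroupArn"):
        problems.append("not streaming to CloudWatch Logs")
    return problems


def audit_baseline(snapshot):
    """Return findings for a snapshot; an empty list means the baseline is met."""
    findings = []
    trails = snapshot.get("trails", [])
    if not trails:
        findings.append("cloudtrail: no trail configured")
    elif all(trail_problems(t) for t in trails):
        # No single trail satisfies every requirement, so report each one.
        for t in trails:
            findings.append(f"cloudtrail {t['Name']}: " + ", ".join(trail_problems(t)))
    for region, state in sorted(snapshot.get("regions", {}).items()):
        if not any(r.get("recording") for r in state.get("config_recorders", [])):
            findings.append(f"config {region}: no active recorder")
        detectors = state.get("guardduty_detectors", [])
        if not any(d.get("Status") == "ENABLED" for d in detectors):
            findings.append(f"guardduty {region}: no enabled detector")
    return findings


# Constructed sample: the trail is missing its CloudWatch Logs stream and
# eu-west-1 has neither an active Config recorder nor a GuardDuty detector.
SAMPLE = {
    "trails": [{"Name": "local-trail", "IsMultiRegionTrail": True, "IsLogging": True,
                "S3BucketName": "example-trail-logs", "CloudWatchLogsLogGroupArn": ""}],
    "regions": {
        "us-east-1": {"config_recorders": [{"recording": True}],
                      "guardduty_detectors": [{"Status": "ENABLED"}]},
        "eu-west-1": {"config_recorders": [{"recording": False}],
                      "guardduty_detectors": []},
    },
}

if __name__ == "__main__":
    for finding in audit_baseline(SAMPLE):
        print(finding)
```

An empty result corresponds to a compliant account; any finding maps to the "does not match required configuration" issue type.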