Ensure accounts have properly configured monitoring and alerting (e.g. CloudTrail). This Op is unnecessary if you are using the centralized monitoring configuration.
CloudTrail, Config, CloudWatch, GuardDuty, S3
This Op properly configures a recommended baseline monitoring and alerting infrastructure for AWS accounts. This is the local account version that does not centralize logs and alerts. Use the *Integrate with central monitoring* Op if you want the account linked into the DisruptOPS centralized infrastructure. This Op enables CloudTrail in all regions, saves the logs to a new (local) S3 bucket, streams the activity to CloudWatch, and enables Config and GuardDuty. It can optionally run the *Implement local account security alerts* Op. It then monitors the account to maintain the configuration over time.
Supported Issue Types:
- Account is not configured with recommended monitoring and alerting configuration
- Monitoring and alerting exists but does not match required configuration
- CloudTrail/Config/CloudWatch/GuardDuty is not configured correctly and should be repaired
- Implement local monitoring and alerting configuration
- Repair non-compliant monitoring and alerting configuration
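The drift check implied by the issue types above can be sketched as follows. This is an added example, not DisruptOps code: it evaluates a snapshot of account state against the baseline this page describes (multi-region CloudTrail logging to S3 and streamed to CloudWatch, plus Config and GuardDuty enabled). Field names follow the boto3 responses for `describe_trails`, `get_trail_status`, `describe_configuration_recorder_status` and `get_detector`; the snapshot layout, the per-region checks, and the sample data are assumptions constructed for illustration.

```python
# Added example: offline baseline check over constructed, API-shaped data.
# The snapshot layout (trails / config / guardduty keys) is hypothetical.

def trail_gaps(trail):
    """List the ways one CloudTrail trail falls short of the baseline."""
    gaps = []
    if not trail.get("IsMultiRegionTrail"):
        gaps.append("not multi-region")
    if not trail.get("IsLogging"):
        gaps.append("logging stopped")
    if not trail.get("S3BucketName"):
        gaps.append("no S3 bucket")
    if not trail.get("CloudWatchLogsLogGroupArn"):
        gaps.append("not streamed to CloudWatch Logs")
    return gaps

def baseline_findings(snapshot):
    """Return the gaps between an account snapshot and the baseline."""
    findings = []
    trails = snapshot.get("trails", [])
    if not trails:
        findings.append("cloudtrail: no trail")
    elif all(trail_gaps(t) for t in trails):
        # No single trail meets the whole baseline: report each trail's gaps.
        for t in trails:
            findings.append(f"cloudtrail:{t['Name']}: " + ", ".join(trail_gaps(t)))
    # Config and GuardDuty are regional services, so check each region listed.
    for region, recorders in sorted(snapshot.get("config", {}).items()):
        if not any(r.get("recording") for r in recorders):
            findings.append(f"config:{region}: no active recorder")
    for region, detectors in sorted(snapshot.get("guardduty", {}).items()):
        if not any(d.get("Status") == "ENABLED" for d in detectors):
            findings.append(f"guardduty:{region}: no enabled detector")
    return findings

# Constructed sample: monitoring exists but has drifted from the baseline.
DRIFTED = {
    "trails": [{"Name": "local-trail", "IsMultiRegionTrail": True,
                "IsLogging": False, "S3BucketName": "example-local-trail-logs",
                "CloudWatchLogsLogGroupArn": None}],
    "config": {"us-east-1": [{"recording": True}], "eu-west-1": []},
    "guardduty": {"us-east-1": [{"Status": "ENABLED"}],
                  "eu-west-1": [{"Status": "DISABLED"}]},
}

if __name__ == "__main__":
    for finding in baseline_findings(DRIFTED):
        print(finding)
```

Against a live account, the snapshot would be populated from the corresponding API calls in every region before being passed to `baseline_findings`.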