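I set up an SNS notification to send me an email whenever an IAM policy changes. When a change occurs, CloudTrail sends the log to CloudWatch, which triggers an alarm attached to the SNS topic. More details are at this link.
Send an SNS notification when an IAM change occurs
Here is an example of what I get by email: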
Alarm Details:
- Name: PolicyAlarm
- Description: This alarm is to monitor IAM Changes
- State Change: INSUFFICIENT_DATA -> ALARM
- Reason for State Change: Threshold Crossed: 1 datapoint [1.0 (31/08/17 09:15:00)] was greater than or equal to the threshold (1.0).
- Timestamp: Thursday 31 August, 2017 09:20:39 UTC
- AWS Account: 00011100000
Threshold:
- The alarm is in the ALARM state when the metric is GreaterThanOrEqualToThreshold 1.0 for 300 seconds.
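The only relevant information here is the AWS Account ID. Is there a way to include the change? Who made it, when and where? Or perhaps send a little information from the CloudWatch logs, such as "eventName"?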
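Evaluate AWS Config. It will give you the current configuration. Write some logic to determine the change. As for who made the change, you need to look at the CloudTrail logs.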
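An added example, not part of the original question or comment: the alarm email carries only metric data, so one way to get "who, when, where" and `eventName` into the message is to have the CloudTrail log group feed a Lambda through a CloudWatch Logs subscription filter and build the text from each record. The subscription-filter design, the function names and the sample record are assumptions made for illustration; the record fields are standard CloudTrail fields.

```python
import base64
import gzip
import json

def decode_subscription(event):
    """Decode the base64+gzip payload CloudWatch Logs hands to a subscribed Lambda."""
    raw = gzip.decompress(base64.b64decode(event["awslogs"]["data"]))
    return [json.loads(e["message"]) for e in json.loads(raw)["logEvents"]]

def summarize(record):
    """Pull the who / what / when / where fields out of one CloudTrail record."""
    identity = record.get("userIdentity", {})
    return {
        "eventName": record.get("eventName", "unknown"),
        # Some identities (e.g. assumed roles, services) may lack an ARN.
        "who": identity.get("arn") or identity.get("principalId", "unknown"),
        "when": record.get("eventTime", "unknown"),
        "sourceIP": record.get("sourceIPAddress", "unknown"),
        "region": record.get("awsRegion", "unknown"),
        "request": json.dumps(record.get("requestParameters") or {}, sort_keys=True),
    }

def build_message(event):
    """Return one line per IAM API call in the batch; other services are skipped."""
    lines = []
    for rec in decode_subscription(event):
        if rec.get("eventSource") != "iam.amazonaws.com":
            continue
        lines.append("{eventName} by {who} at {when} from {sourceIP} "
                     "({region}) params={request}".format(**summarize(rec)))
    return "\n".join(lines)

def sample_event():
    """Constructed sample: two CloudTrail records wrapped as a subscription event."""
    records = [
        {"eventSource": "iam.amazonaws.com", "eventName": "PutUserPolicy",
         "eventTime": "2017-08-31T09:15:02Z", "awsRegion": "us-east-1",
         "sourceIPAddress": "203.0.113.10",
         "userIdentity": {"arn": "arn:aws:iam::000000000000:user/example-admin"},
         "requestParameters": {"userName": "example-user",
                               "policyName": "example-policy"}},
        {"eventSource": "s3.amazonaws.com", "eventName": "ListBuckets"},
    ]
    payload = {"logEvents": [{"id": str(i), "timestamp": 0, "message": json.dumps(r)}
                             for i, r in enumerate(records)]}
    blob = base64.b64encode(gzip.compress(json.dumps(payload).encode())).decode()
    return {"awslogs": {"data": blob}}

if __name__ == "__main__":
    print(build_message(sample_event()))
```

In a deployed Lambda the string returned by `build_message` would be passed as the message body when publishing to the SNS topic.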