2328 add log metric filtersalarms for aws cis benchmarks (#2384)

* Add namespace to alarms.
cisagov · Nov 15, 2023 · f8e0c19 · f8e0c19
1 parent a76ed90
commit f8e0c19
Showing 1 changed file with 17 additions and 0 deletions.
diff --git a/infrastructure/log_alarms.tf b/infrastructure/log_alarms.tf
@@ -1,6 +1,7 @@
 resource "aws_cloudwatch_metric_alarm" "root_user" {
   alarm_name          = "${var.log_metric_root_user}-alarm"
   metric_name         = var.log_metric_root_user
+  namespace           = var.log_metric_namespace
   alarm_actions       = [aws_sns_topic.alarms.arn]
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = 1
@@ -18,6 +19,7 @@ resource "aws_cloudwatch_metric_alarm" "root_user" {
 resource "aws_cloudwatch_metric_alarm" "unauthorized_api_call" {
   alarm_name          = "${var.log_metric_unauthorized_api_call}-alarm"
   metric_name         = var.log_metric_unauthorized_api_call
+  namespace           = var.log_metric_namespace
   alarm_actions       = [aws_sns_topic.alarms.arn]
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = 1
@@ -35,6 +37,7 @@ resource "aws_cloudwatch_metric_alarm" "unauthorized_api_call" {
 resource "aws_cloudwatch_metric_alarm" "login_without_mfa" {
   alarm_name          = "${var.log_metric_login_without_mfa}-alarm"
   metric_name         = var.log_metric_login_without_mfa
+  namespace           = var.log_metric_namespace
   alarm_actions       = [aws_sns_topic.alarms.arn]
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = 1
@@ -52,6 +55,7 @@ resource "aws_cloudwatch_metric_alarm" "login_without_mfa" {
 resource "aws_cloudwatch_metric_alarm" "iam_policy" {
   alarm_name          = "${var.log_metric_iam_policy}-alarm"
   metric_name         = var.log_metric_iam_policy
+  namespace           = var.log_metric_namespace
   alarm_actions       = [aws_sns_topic.alarms.arn]
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = 1
@@ -69,6 +73,7 @@ resource "aws_cloudwatch_metric_alarm" "iam_policy" {
 resource "aws_cloudwatch_metric_alarm" "cloudtrail" {
   alarm_name          = "${var.log_metric_cloudtrail}-alarm"
   metric_name         = var.log_metric_cloudtrail
+  namespace           = var.log_metric_namespace
   alarm_actions       = [aws_sns_topic.alarms.arn]
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = 1
@@ -86,6 +91,7 @@ resource "aws_cloudwatch_metric_alarm" "cloudtrail" {
 resource "aws_cloudwatch_metric_alarm" "login_failure" {
   alarm_name          = "${var.log_metric_login_failure}-alarm"
   metric_name         = var.log_metric_login_failure
+  namespace           = var.log_metric_namespace
   alarm_actions       = [aws_sns_topic.alarms.arn]
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = 1
@@ -103,6 +109,7 @@ resource "aws_cloudwatch_metric_alarm" "login_failure" {
 resource "aws_cloudwatch_metric_alarm" "cmk_delete_disable" {
   alarm_name          = "${var.log_metric_cmk_delete_disable}-alarm"
   metric_name         = var.log_metric_cmk_delete_disable
+  namespace           = var.log_metric_namespace
   alarm_actions       = [aws_sns_topic.alarms.arn]
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = 1
@@ -120,6 +127,7 @@ resource "aws_cloudwatch_metric_alarm" "cmk_delete_disable" {
 resource "aws_cloudwatch_metric_alarm" "s3_bucket_policy" {
   alarm_name          = "${var.log_metric_s3_bucket_policy}-alarm"
   metric_name         = var.log_metric_s3_bucket_policy
+  namespace           = var.log_metric_namespace
   alarm_actions       = [aws_sns_topic.alarms.arn]
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = 1
@@ -137,6 +145,7 @@ resource "aws_cloudwatch_metric_alarm" "s3_bucket_policy" {
 resource "aws_cloudwatch_metric_alarm" "aws_config" {
   alarm_name          = "${var.log_metric_aws_config}-alarm"
   metric_name         = var.log_metric_aws_config
+  namespace           = var.log_metric_namespace
   alarm_actions       = [aws_sns_topic.alarms.arn]
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = 1
@@ -154,6 +163,7 @@ resource "aws_cloudwatch_metric_alarm" "aws_config" {
 resource "aws_cloudwatch_metric_alarm" "security_group" {
   alarm_name          = "${var.log_metric_security_group}-alarm"
   metric_name         = var.log_metric_security_group
+  namespace           = var.log_metric_namespace
   alarm_actions       = [aws_sns_topic.alarms.arn]
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = 1
@@ -171,6 +181,7 @@ resource "aws_cloudwatch_metric_alarm" "security_group" {
 resource "aws_cloudwatch_metric_alarm" "nacl" {
   alarm_name          = "${var.log_metric_nacl}-alarm"
   metric_name         = var.log_metric_nacl
+  namespace           = var.log_metric_namespace
   alarm_actions       = [aws_sns_topic.alarms.arn]
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = 1
@@ -188,6 +199,7 @@ resource "aws_cloudwatch_metric_alarm" "nacl" {
 resource "aws_cloudwatch_metric_alarm" "network_gateway" {
   alarm_name          = "${var.log_metric_network_gateway}-alarm"
   metric_name         = var.log_metric_network_gateway
+  namespace           = var.log_metric_namespace
   alarm_actions       = [aws_sns_topic.alarms.arn]
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = 1
@@ -205,6 +217,7 @@ resource "aws_cloudwatch_metric_alarm" "network_gateway" {
 resource "aws_cloudwatch_metric_alarm" "route_table" {
   alarm_name          = "${var.log_metric_route_table}-alarm"
   metric_name         = var.log_metric_route_table
+  namespace           = var.log_metric_namespace
   alarm_actions       = [aws_sns_topic.alarms.arn]
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = 1
@@ -222,6 +235,7 @@ resource "aws_cloudwatch_metric_alarm" "route_table" {
 resource "aws_cloudwatch_metric_alarm" "vpc" {
   alarm_name          = "${var.log_metric_vpc}-alarm"
   metric_name         = var.log_metric_vpc
+  namespace           = var.log_metric_namespace
   alarm_actions       = [aws_sns_topic.alarms.arn]
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = 1
@@ -239,6 +253,7 @@ resource "aws_cloudwatch_metric_alarm" "vpc" {
 resource "aws_cloudwatch_metric_alarm" "ec2_shutdown" {
   alarm_name          = "${var.log_metric_ec2_shutdown}-alarm"
   metric_name         = var.log_metric_ec2_shutdown
+  namespace           = var.log_metric_namespace
   alarm_actions       = [aws_sns_topic.alarms.arn]
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = 1
@@ -256,6 +271,7 @@ resource "aws_cloudwatch_metric_alarm" "ec2_shutdown" {
 resource "aws_cloudwatch_metric_alarm" "db_shutdown" {
   alarm_name          = "${var.log_metric_db_shutdown}-alarm"
   metric_name         = var.log_metric_db_shutdown
+  namespace           = var.log_metric_namespace
   alarm_actions       = [aws_sns_topic.alarms.arn]
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = 1
@@ -273,6 +289,7 @@ resource "aws_cloudwatch_metric_alarm" "db_shutdown" {
 resource "aws_cloudwatch_metric_alarm" "db_deletion" {
   alarm_name          = "${var.log_metric_db_deletion}-alarm"
   metric_name         = var.log_metric_db_deletion
+  namespace           = var.log_metric_namespace
   alarm_actions       = [aws_sns_topic.alarms.arn]
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = 1