2328 add log metric filtersalarms for aws cis benchmarks (#2382)

* Add period fields and metric names where missing.
cisagov · Nov 14, 2023 · f9413e1 · f9413e1
1 parent 57a0284
commit f9413e1
Showing 1 changed file with 20 additions and 0 deletions.
diff --git a/infrastructure/log_alarms.tf b/infrastructure/log_alarms.tf
@@ -4,6 +4,7 @@ resource "aws_cloudwatch_metric_alarm" "root_user" {
   alarm_actions       = [aws_sns_topic.alarms.arn]
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = 1
+  period              = 60
   threshold           = 1
   statistic           = "SampleCount"
 
@@ -20,6 +21,7 @@ resource "aws_cloudwatch_metric_alarm" "unauthorized_api_call" {
   alarm_actions       = [aws_sns_topic.alarms.arn]
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = 1
+  period              = 60
   threshold           = 1
   statistic           = "SampleCount"
 
@@ -36,6 +38,7 @@ resource "aws_cloudwatch_metric_alarm" "login_without_mfa" {
   alarm_actions       = [aws_sns_topic.alarms.arn]
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = 1
+  period              = 60
   threshold           = 1
   statistic           = "SampleCount"
 
@@ -52,6 +55,7 @@ resource "aws_cloudwatch_metric_alarm" "iam_policy" {
   alarm_actions       = [aws_sns_topic.alarms.arn]
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = 1
+  period              = 60
   threshold           = 1
   statistic           = "SampleCount"
 
@@ -68,6 +72,7 @@ resource "aws_cloudwatch_metric_alarm" "cloudtrail" {
   alarm_actions       = [aws_sns_topic.alarms.arn]
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = 1
+  period              = 60
   threshold           = 1
   statistic           = "SampleCount"
 
@@ -84,6 +89,7 @@ resource "aws_cloudwatch_metric_alarm" "login_failure" {
   alarm_actions       = [aws_sns_topic.alarms.arn]
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = 1
+  period              = 60
   threshold           = 1
   statistic           = "SampleCount"
 
@@ -100,6 +106,7 @@ resource "aws_cloudwatch_metric_alarm" "cmk_delete_disable" {
   alarm_actions       = [aws_sns_topic.alarms.arn]
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = 1
+  period              = 60
   threshold           = 1
   statistic           = "SampleCount"
 
@@ -116,6 +123,7 @@ resource "aws_cloudwatch_metric_alarm" "s3_bucket_policy" {
   alarm_actions       = [aws_sns_topic.alarms.arn]
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = 1
+  period              = 60
   threshold           = 1
   statistic           = "SampleCount"
 
@@ -132,6 +140,7 @@ resource "aws_cloudwatch_metric_alarm" "aws_config" {
   alarm_actions       = [aws_sns_topic.alarms.arn]
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = 1
+  period              = 60
   threshold           = 1
   statistic           = "SampleCount"
 
@@ -148,6 +157,7 @@ resource "aws_cloudwatch_metric_alarm" "security_group" {
   alarm_actions       = [aws_sns_topic.alarms.arn]
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = 1
+  period              = 60
   threshold           = 1
   statistic           = "SampleCount"
 
@@ -164,6 +174,7 @@ resource "aws_cloudwatch_metric_alarm" "nacl" {
   alarm_actions       = [aws_sns_topic.alarms.arn]
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = 1
+  period              = 60
   threshold           = 1
   statistic           = "SampleCount"
 
@@ -180,6 +191,7 @@ resource "aws_cloudwatch_metric_alarm" "network_gateway" {
   alarm_actions       = [aws_sns_topic.alarms.arn]
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = 1
+  period              = 60
   threshold           = 1
   statistic           = "SampleCount"
 
@@ -196,6 +208,7 @@ resource "aws_cloudwatch_metric_alarm" "route_table" {
   alarm_actions       = [aws_sns_topic.alarms.arn]
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = 1
+  period              = 60
   threshold           = 1
   statistic           = "SampleCount"
 
@@ -212,6 +225,7 @@ resource "aws_cloudwatch_metric_alarm" "vpc" {
   alarm_actions       = [aws_sns_topic.alarms.arn]
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = 1
+  period              = 60
   threshold           = 1
   statistic           = "SampleCount"
 
@@ -224,9 +238,11 @@ resource "aws_cloudwatch_metric_alarm" "vpc" {
 
 resource "aws_cloudwatch_metric_alarm" "ec2_shutdown" {
   alarm_name          = "${var.log_metric_ec2_shutdown}-alarm"
+  metric_name         = var.log_metric_ec2_shutdown
   alarm_actions       = [aws_sns_topic.alarms.arn]
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = 1
+  period              = 60
   threshold           = 1
   statistic           = "SampleCount"
 
@@ -239,9 +255,11 @@ resource "aws_cloudwatch_metric_alarm" "ec2_shutdown" {
 
 resource "aws_cloudwatch_metric_alarm" "db_shutdown" {
   alarm_name          = "${var.log_metric_db_shutdown}-alarm"
+  metric_name         = var.log_metric_db_shutdown
   alarm_actions       = [aws_sns_topic.alarms.arn]
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = 1
+  period              = 60
   threshold           = 1
   statistic           = "SampleCount"
 
@@ -254,9 +272,11 @@ resource "aws_cloudwatch_metric_alarm" "db_shutdown" {
 
 resource "aws_cloudwatch_metric_alarm" "db_deletion" {
   alarm_name          = "${var.log_metric_db_deletion}-alarm"
+  metric_name         = var.log_metric_db_deletion
   alarm_actions       = [aws_sns_topic.alarms.arn]
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = 1
+  period              = 60
   threshold           = 1
   statistic           = "SampleCount"