| 123456789101112131415161718192021222324252627282930313233343536373839 |
- Root Account Alias: defpoint-mdr-root
- Root AWS Account ID: 350838957895
- Test Account ID: 527700175026
- Prod Account ID: 477548533976
- assumeRole to the test and prod accounts
- terraform has been setup to handle the cis checks for AWS. they are found in terraform/00-cis-hardening.
- Get a encoded error message from AWS?
- AWS_PROFILE=mdr-test aws sts decode-authorization-message --encoded-message Q7h4sTOW_n_znBB7ojNotL
- -------------------------------------------
- Cloudtrail metric Alarms
- so .. cloudtrail writes a trail
- that trail is written into a cloudwatch logs log group
- in the log group, there are a number of metric filters
- the metric filters create metrics, upon which a metric alarm is set
- when events matching the metric filter arrive, the metric goes up, triggerting the alarm
- new messages
- the alarm has an SNS topic it writes to that emails me that the "metric was exceeded"
- ----------------------------------------------
- AWS Systems Manager agent
- systemctl start amazon-ssm-agent
- ----------------------------------------------
|
