DEPRECATED-patrol-rules-aws
A set of functions implemented using lambda-cfn to monitor an organization's AWS infrastructure for best practices, security and compliance.
Patrol should alarm on bucket creation and deletion in AWS S3. /cc @arunasank @aarthykc
The idea is to get an alarm before an SSL certificate in IAM expires. For some certificates I would want an alarm a month ahead of time, and others I...
Notify user and a sec group, if my account signs in far away from my last login (e.g. different country, city, 500KM away from home). This could be a sign...
Rules that check IAM for policies, roles, etc. should not only handle new events, but should check all existing policies on a schedule. This would catch events missed during a...
It's an industry-wide practice to send an email to a user when a login is made from an unknown device. A PoC would consist of a lambda function that parses...
Trusted Advisor is able to report whether an AWS Access Key has been exposed / publicly leaked. The [announcement is here](https://aws.amazon.com/about-aws/whats-new/2016/03/aws-trusted-advisor-adds-checks-for-amazon-s3-amazon-redshift-reserved-instances-security-and-service-limits/). This could be added to the Trusted Advisor rule,...
It is very rare that someone should ever need to create an EC2 instance from the console. When an EC2 instance is created from the console, scripts like buildpack and...
cc. @ianshward @Yurasi @Rub21
There are times when stacks are caught in `UPDATE_ROLLBACK_FAILED` and it's good to be alerted when a stack is in such a state. Since there are no CloudWatch events that currently...