Checks/Aws/Test-CloudwatchLogMetricFilterAndAlarmForAwsConfigConfigurationChangesEnabled.ps1
|
function Test-CloudwatchLogMetricFilterAndAlarmForAwsConfigConfigurationChangesEnabled { <# .SYNOPSIS CloudWatch Logs metric filter and alarm exist for AWS Config configuration changes .DESCRIPTION CloudTrail logs in **CloudWatch Logs** are inspected for a metric filter and alarm that track **AWS Config configuration changes**, specifically `StopConfigurationRecorder`, `DeleteDeliveryChannel`, `PutDeliveryChannel`, and `PutConfigurationRecorder` events from `config.amazonaws.com`. .PARAMETER Check CIEMCheck object containing check metadata. #> [CmdletBinding()] [OutputType([PSCustomObject[]])] param( [Parameter(Mandatory)] [CIEMCheck]$Check ) $ErrorActionPreference = 'Stop' # TODO: Implement check logic based on Prowler check: cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled [CIEMScanResult]::Create($Check, 'MANUAL', 'This check requires manual implementation. See Prowler check cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled for reference.', 'N/A', 'cloudwatch Resources') } |