2 Answers
- Newest
- Most votes
- Most comments
1
Only thing I am aware of is if you have a remediation action trigged by a AWS Config rule. So it can be automated, but not "automatic". I suggest you search the Cloudtrail logs to understand how and who changed the SG.
https://repost.aws/knowledge-center/cloudtrail-event-history-changed
1
Hi,
To understand what happened, you can use CloudTrail where every API call is tracked with who, when, etc.
This will allow you to understand how your sec group changed happened.
See https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/logging_cw_api_calls.html for details
Best,
Didier
Relevant content
- asked a year ago
- Accepted Answerasked 3 months ago
- AWS OFFICIALUpdated 5 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 4 years ago
- AWS OFFICIALUpdated a year ago