CloudWatch alarm for API calls without MFA

0

Our AWS partner setup metrics and alarms for us a couple years ago, and one of them was an alarm to watch for API activity where the "user" was not signed in with MFA. It appears they used something like in this link, but it's not in the public documentation anymore. https://github.com/awsdocs/aws-cloudtrail-user-guide/blob/master/doc_source/cloudwatch-alarms-for-cloudtrail-additional-examples.md#cloudwatch-alarms-for-cloudtrail-no-mfa-example

Over time we had to add additional parameters to the filter for things like AWSServiceRoleForAutoScaling. Eventually we reached the 1024 character limit of the filter expression. Is there a way to work around that limit, or since the example has been removed from AWS documentation, is it no longer necessary to have an alarm that is triggered when API calls are made without MFA?

asked 5 months ago33 views
No Answers

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions