CloudWatch alarm for API calls without MFA

Our AWS partner setup metrics and alarms for us a couple years ago, and one of them was an alarm to watch for API activity where the "user" was not signed in with MFA. It appears they used something like in this link, but it's not in the public documentation anymore. https://github.com/awsdocs/aws-cloudtrail-user-guide/blob/master/doc_source/cloudwatch-alarms-for-cloudtrail-additional-examples.md#cloudwatch-alarms-for-cloudtrail-no-mfa-example

Over time we had to add additional parameters to the filter for things like AWSServiceRoleForAutoScaling. Eventually we reached the 1024 character limit of the filter expression. Is there a way to work around that limit, or since the example has been removed from AWS documentation, is it no longer necessary to have an alarm that is triggered when API calls are made without MFA?

Topics

Management & Governance

Relevant content

create one cloudwatch alarm for multiple instances
rePost-User-7340636
asked 2 years ago
Estimated cost of setting up a log metric filter and alarm on Cloudwatch
Abhi-Livspace
asked a year ago
Possible to editing alarm name and delete created metrics in Cloudwatch
Accepted Answer
AWS-User-0088168
asked 2 years ago
Cpu/Memory Low Cloud Watch Alarm for always in alarm state
rePost-User-4597206
asked a year ago
How do I calculate throughput and set a CloudWatch alarm for Transit Gateway?
AWS OFFICIALUpdated a year ago
How do I calculate throughput and set a CloudWatch alarm for AWS Direct Connect?
AWS OFFICIALUpdated a year ago
How do I calculate throughput and set a CloudWatch alarm for Site-to-Site VPN?
AWS OFFICIALUpdated a year ago
How do I combine multiple CloudWatch alarms into one alarm?
AWS OFFICIALUpdated 9 days ago
Best Practices for Distributors in delegating and restricting access privileges to downstream partners
EXPERT
Tong Jun Qun
published a year ago
Choosing Between Grafana and CloudWatch for Centralized Monitoring
EXPERT
Mina Gobrial - OptimeCloud
published 6 days ago