As one of our lead developers, Chris, recently discussed in his cloud workload security blog, automated triggers help you catch unusual usage activity and potential security threats. Instead of reviewing logs by hand, you can configure a system that notifies you of suspicious events as they occur. On AWS, the building blocks are AWS CloudTrail (which records API calls and console sign-ins) and Amazon CloudWatch (which can turn matching log entries into a metric and alarm on it).
Steps are as follows:
1. Identify the relevant events in CloudTrail, for example failed console logins, root account usage, or security group changes. Note the field values (eventName, eventSource, errorMessage, and so on) that distinguish the behavior you care about.
2. Create a CloudWatch Logs log group and configure your trail to deliver events to it. CloudTrail must be enabled, and the trail needs an IAM role that allows it to write to the log group. The log group receives every event the trail records; the filter in the next step is what narrows it down to the behavior you identified.
3. Create the alarm in CloudWatch. This involves two steps:
   1. Set a metric filter. Select the log group you created earlier, then use the "Define Logs Metric Filter" screen to specify a filter pattern that matches only the events of interest. Each match increments a custom metric.
   2. Set an alarm on that metric. This includes a name and description, the conditions under which you should be alerted (statistic, period, threshold, and number of evaluation periods), and the notification action: an SNS topic whose subscribers, such as a team email list, receive the alert.
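The procedure above is normally carried out in the console or with `aws logs put-metric-filter` and `aws cloudwatch put-metric-alarm`, neither of which can be exercised offline. The following is an added example, not code from the original post or from Chris's blog, that makes the detection logic concrete: it implements the subset of the CloudWatch Logs JSON filter-pattern syntax used here (`$.field = value`, `!=`, `*` wildcards, and a single level of `&&` or `||`), runs a "failed console login" pattern over a handful of constructed CloudTrail records, buckets the matches into alarm periods, and applies the threshold the way a CloudWatch alarm with statistic Sum would. The sample events, the pattern, the period and the threshold are all assumptions chosen for illustration; the matching semantics are a simplification of CloudWatch's (numeric comparisons and nested grouping are not supported).

```python
import re
from datetime import datetime, timezone

# Assumed metric filter pattern, in CloudWatch Logs JSON filter syntax:
# a console sign-in attempt that CloudTrail recorded as a failed authentication.
FILTER_PATTERN = '{ ($.eventName = ConsoleLogin) && ($.errorMessage = "Failed authentication") }'

# Assumed alarm conditions: statistic Sum over a 300-second period,
# alarm when the sum reaches 3 or more within a single period.
ALARM_PERIOD_SECONDS = 300
ALARM_THRESHOLD = 3

# Constructed CloudTrail records (trimmed to the fields the pattern inspects).
# Three failures within one five-minute window, one success, one unrelated
# API call, and one isolated failure half an hour later.
SAMPLE_EVENTS = [
    {"eventTime": "2024-01-15T10:01:10Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "errorMessage": "Failed authentication",
     "responseElements": {"ConsoleLogin": "Failure"}},
    {"eventTime": "2024-01-15T10:02:40Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "errorMessage": "Failed authentication",
     "responseElements": {"ConsoleLogin": "Failure"}},
    {"eventTime": "2024-01-15T10:03:05Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2024-01-15T10:04:20Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "errorMessage": "Failed authentication",
     "responseElements": {"ConsoleLogin": "Failure"}},
    {"eventTime": "2024-01-15T10:04:50Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances"},
    {"eventTime": "2024-01-15T10:30:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "errorMessage": "Failed authentication",
     "responseElements": {"ConsoleLogin": "Failure"}},
]

# One term of a JSON filter pattern: ($.path = value) or ($.path != value),
# where value is either a quoted string or a bare token.
_TERM = re.compile(r'\(\s*\$\.([\w.]+)\s*(!=|=)\s*("[^"]*"|[^\s)]+)\s*\)')
_JOIN = re.compile(r'\)\s*(&&|\|\|)\s*\(')


def _lookup(event, path):
    """Resolve a dotted $.a.b.c selector against a nested dict; None if absent."""
    cur = event
    for part in path.split('.'):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def _wildcard_match(value, want):
    """CloudWatch string values support '*' as the only wildcard."""
    pattern = '.*'.join(re.escape(piece) for piece in want.split('*'))
    return re.fullmatch(pattern, value) is not None


def compile_pattern(pattern):
    """Turn a filter pattern into a predicate over one CloudTrail event."""
    body = pattern.strip()
    if not (body.startswith('{') and body.endswith('}')):
        raise ValueError("JSON filter patterns are wrapped in { }")
    terms = _TERM.findall(body)
    joins = _JOIN.findall(body)
    if not terms or len(joins) != len(terms) - 1 or len(set(joins)) > 1:
        raise ValueError("unsupported pattern shape (one level of && or || only)")
    require_all = not joins or joins[0] == '&&'

    def matches(event):
        results = []
        for path, op, raw in terms:
            want = raw[1:-1] if raw.startswith('"') else raw
            have = _lookup(event, path)
            # Simplification: a term never matches when the field is absent.
            hit = have is not None and _wildcard_match(str(have), want)
            results.append(hit if op == '=' else (have is not None and not hit))
        return all(results) if require_all else any(results)

    return matches


def evaluate_alarm(events, pattern, period_seconds, threshold):
    """Count matches per alarm period (statistic Sum) and decide whether the
    threshold is reached in any period. Returns ({period_start: count}, fired)."""
    matches = compile_pattern(pattern)
    counts = {}
    for event in events:
        if not matches(event):
            continue
        ts = datetime.fromisoformat(event["eventTime"].replace("Z", "+00:00"))
        bucket = int(ts.timestamp()) // period_seconds * period_seconds
        key = datetime.fromtimestamp(bucket, tz=timezone.utc).strftime('%Y-%m-%dT%H:%M:%SZ')
        counts[key] = counts.get(key, 0) + 1
    fired = any(c >= threshold for c in counts.values())
    return counts, fired


if __name__ == "__main__":
    per_period, fired = evaluate_alarm(SAMPLE_EVENTS, FILTER_PATTERN,
                                       ALARM_PERIOD_SECONDS, ALARM_THRESHOLD)
    for start, count in sorted(per_period.items()):
        print(f"{start}  failed console logins: {count}")
    print("ALARM" if fired else "OK")
```

In a real deployment the same pattern string is passed to `aws logs put-metric-filter --filter-pattern`, and the period, threshold and `Sum` statistic to `aws cloudwatch put-metric-alarm` together with the SNS topic ARN in `--alarm-actions`. Two caveats worth checking: a metric filter only counts events that arrive after it is created, so test it by generating a known event rather than expecting historical matches, and an alarm whose period sees no data at all reports INSUFFICIENT_DATA rather than OK unless you set how missing data is treated.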
Amazon's documentation has several worked examples of creating CloudWatch alarms from CloudTrail events. Alarms are not only for security alerts: they can also trigger EC2 instance recovery, act as failsafes for other automation, and more.