REAL TIME EVENTS

GorillaStack CloudFormation Templates

One-Click CloudFormation Templates with AWS Best Practices

GorillaStack Real Time Events is created with AWS best practices in mind.
Here’s a list of cloud templates you can install on GorillaStack to receive notifications within seconds of any event occurrence.

AWS Certificate Manager (ACM)

Get notified when a user requests Amazon Certificate Manager resend a domain validation email
Get notified when an SSL/TLS certificate has been deleted from ACM



CloudFront

Get notified when a user creates a new CloudFront Distribution

CloudTrail

Get notified when a user calls StopLogging on CloudTrail

EC2

Get notified when a user launches an EC2 instance with unencrypted EBS volumes attached


Get notified when a user modifies the ingress or egress rules for a Security Group

ElastiCache

Get notified when a user modifies ElastiCache security groups

Elastic Block Store (EBS)

Get notified when a user creates an unencrypted EBS volume

Elastic Load Balancing (ELB)

Get notified when there is a change to which security groups are associated with an ELB

GuardDuty

Get notified when a user makes destructive changes to GuardDuty monitoring, such as disassociating AWS Accounts or turning off their monitoring

Identity and Access Management (IAM)

Get notified when the password policy for the specified AWS account(s) has been removed
Get notified when a root user account signs in to one of your linked AWS accounts
Get notified when there has been a failed attempt to log in to one of your linked AWS accounts
Get notified when there has been a change to an IAM user’s policies
Get notified when an MFA device has been deactivated for a user in one of your connected AWS accounts
Get notified when an AWS-Managed Administrator policy is attached to a user
It is common to require all user account passwords to contain at least one uppercase character for security reasons. Once this policy is in place, this template will alert you if the requirement is ever removed by editing the password policy.
It is common to require all user account passwords to contain at least one symbol for security reasons. Once this policy is in place, this template will alert you if the requirement is ever removed by editing the password policy.
It is common to require all user account passwords to be at least 14 characters long for security reasons. Once this requirement is in place, this template will alert you if the requirement is ever removed by editing the password policy.
It is common to require all user account passwords to expire after 90 days for security reasons. Once this requirement is in place, this template will alert you if the requirement is ever removed by editing the password policy.


Get notified when a user signs in to the AWS console without using MFA.
Get notified when a new IAM user is created
Get notified when there has been a change to a user group membership
We observe the “CreateAccessKey” event emitted whenever a new access key is generated for programmatic access to AWS
Get notified when an IAM policy has been created with broad, Administrator-like access on any service.
Get notified when an AWS-Managed Administrator policy is attached to a group
It is common to require all user account passwords to contain at least one lowercase character for security reasons. Once this policy is in place, this template will alert you if the requirement is ever removed by editing the password policy.
It is common to require all user account passwords to contain at least one number for security reasons. Once this policy is in place, this template will alert you if the requirement is ever removed by editing the password policy.
It is common to require all user account passwords to not reuse any of the account’s previous 24 passwords for security reasons. Once this requirement is in place, this template will alert you if the requirement is ever removed by editing the password policy.
The AWS CIS Foundations Benchmark recommends a range of account password settings. Once a policy is in place that implements these settings, this template will alert you if the policy is deleted or edited in a way that violates the requirements. With this template deployed, it is not necessary to deploy any of the other templates labeled ‘cis-aws-level-1’ plus ‘password’.

Relational Database Service (RDS)

An attacker’s ability to access a user’s data is greatly increased if the database’s storage is not encrypted. This template installs a rule that notifies the user when an RDS instance or cluster is created without encryption.
An attacker’s ability to access a user’s data is greatly increased if the database is publicly accessible. This template installs a rule that notifies the user when an RDS instance or cluster is created with public access.


An attacker’s ability to access a user’s data is greatly increased if the database’s storage is not encrypted. This template installs a rule that notifies the user when an RDS instance or cluster is created without encryption or is publicly accessible.

S3

Get notified when an S3 bucket policy has been updated
Get notified when changes are made to an S3 Bucket Access Control List
Get notified when encryption settings are changed for an S3 bucket
Get notified when an S3 bucket’s public access block has been updated


Get notified when an S3 Bucket policy has been deleted
Get notified when logging has been disabled on an S3 bucket
Get notified when CORS settings are changed for an S3 bucket

Virtual Private Cloud (VPC)

Get notified when a user deletes a Flow Log