4.7 Ensure that a Cloudwatch Alarm is created for the "VPC Flow Logs" metric filter, and an Alarm Action is configured

Information

A Cloudwatch alarm watches a single metric over a time period you specify, and performs one or more actions based on the value of the metric relative to a given threshold over a number of time periods. The action is a notification sent to an Amazon SNS topic.

The Cloudwatch alarm sends a notification to the administrators every time the threshold specified for "REJECT packets" is reached. The alarm must be created for the "VPC Flow Logs" metric, and its alarm action must reference an SNS topic.
Without such an alarm on the "VPC Flow Logs" metric, administrators subscribed to the SNS topic receive no notification when IP packets are rejected inside the VPC.

Solution

Using the Amazon unified command line interface:

* Create a Cloudwatch alarm for the VPC Flow Logs metric, and configure an Alarm Action:

aws cloudwatch put-metric-alarm --alarm-name <vpc_flow_log_alarm_name> --alarm-actions <sns_topic_arn> --metric-name <vpc_flow_log_metric_name> --namespace LogMetrics --statistic <desired_statistic> --period <desired_period> --evaluation-periods <desired_evaluation_periods> --threshold <desired_threshold> --comparison-operator <desired_operator>
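The audit side of this control, as an added example that is not part of the benchmark text: the script below decides, from the data that `aws logs describe-metric-filters` and `aws cloudwatch describe-alarms` return, whether every metric emitted by the flow-log group has an alarm whose action is an SNS topic, and it builds the remediation command above with concrete values when one is missing. The log group name, metric names, alarm names, account number and topic ARN are constructed for the example (no AWS API is called), and the statistic/period/threshold values in the remediation command are sample choices, not values the benchmark prescribes.

```python
import re

# Constructed sample data shaped like the `logs describe-metric-filters`
# and `cloudwatch describe-alarms` responses. Every name and ARN here is
# an assumption made for the example.
FLOW_LOG_GROUP = "vpc-flow-logs"

METRIC_FILTERS = [
    {   # filter on the flow-log group that counts REJECT records
        "filterName": "vpc-flow-rejects",
        "logGroupName": FLOW_LOG_GROUP,
        "filterPattern": "[version, account, eni, source, destination, srcport, "
                         "destport, protocol, packets, bytes, windowstart, "
                         "windowend, action=REJECT, flowlogstatus]",
        "metricTransformations": [
            {"metricName": "VpcFlowLogRejects", "metricNamespace": "LogMetrics",
             "metricValue": "1"}
        ],
    },
    {   # filter on an unrelated log group; must not count for this control
        "filterName": "root-logins",
        "logGroupName": "cloudtrail",
        "filterPattern": '{ $.userIdentity.type = "Root" }',
        "metricTransformations": [
            {"metricName": "RootLogins", "metricNamespace": "LogMetrics",
             "metricValue": "1"}
        ],
    },
]

SNS_ARN = "arn:aws:sns:us-east-1:123456789012:security-alerts"  # constructed

GOOD_ALARM = {
    "AlarmName": "vpc-flow-log-rejects", "MetricName": "VpcFlowLogRejects",
    "Namespace": "LogMetrics", "Statistic": "Sum", "Period": 300,
    "EvaluationPeriods": 1, "Threshold": 1.0,
    "ComparisonOperator": "GreaterThanOrEqualToThreshold",
    "AlarmActions": [SNS_ARN], "ActionsEnabled": True,
}
# Same metric, but the only action is an EC2 "stop" action, not an SNS topic.
ALARM_NO_SNS = dict(GOOD_ALARM, AlarmName="vpc-flow-log-stop",
                    AlarmActions=["arn:aws:automate:us-east-1:ec2:stop"])
# SNS action present, but on a different metric.
ALARM_WRONG_METRIC = dict(GOOD_ALARM, AlarmName="root-login-alarm",
                          MetricName="RootLogins")

# SNS topic ARNs in the aws, aws-cn and aws-us-gov partitions.
SNS_TOPIC_ARN = re.compile(
    r"^arn:aws(?:-[a-z]+)?:sns:[a-z0-9-]+:\d{12}:[A-Za-z0-9_-]{1,256}$")


def flow_log_metrics(metric_filters, log_group):
    """Return the {(namespace, metric_name)} emitted by filters on log_group."""
    found = set()
    for flt in metric_filters:
        if flt.get("logGroupName") != log_group:
            continue
        for tr in flt.get("metricTransformations", []):
            found.add((tr["metricNamespace"], tr["metricName"]))
    return found


def alarm_satisfies(alarm, namespace, metric_name):
    """True if the alarm watches the metric, is enabled, and notifies SNS."""
    if alarm.get("Namespace") != namespace or alarm.get("MetricName") != metric_name:
        return False
    if not alarm.get("ActionsEnabled", True):
        return False
    return any(SNS_TOPIC_ARN.match(a) for a in alarm.get("AlarmActions", []))


def evaluate(metric_filters, alarms, log_group):
    """Audit the control: every flow-log metric needs a compliant alarm."""
    metrics = flow_log_metrics(metric_filters, log_group)
    if not metrics:
        return {"status": "FAIL", "reason": "no metric filter on flow-log group",
                "uncovered": []}
    uncovered = sorted(m for m in metrics
                       if not any(alarm_satisfies(a, *m) for a in alarms))
    return {"status": "FAIL" if uncovered else "PASS", "uncovered": uncovered}


def remediation_command(alarm_name, metric_name, sns_topic_arn,
                        namespace="LogMetrics"):
    """Build the put-metric-alarm argv; statistic/period/threshold are sample values."""
    return ["aws", "cloudwatch", "put-metric-alarm",
            "--alarm-name", alarm_name, "--alarm-actions", sns_topic_arn,
            "--metric-name", metric_name, "--namespace", namespace,
            "--statistic", "Sum", "--period", "300",
            "--evaluation-periods", "1", "--threshold", "1",
            "--comparison-operator", "GreaterThanOrEqualToThreshold"]


if __name__ == "__main__":
    result = evaluate(METRIC_FILTERS, [ALARM_NO_SNS, ALARM_WRONG_METRIC], FLOW_LOG_GROUP)
    print(result)
    for namespace, metric in result["uncovered"]:
        print(" ".join(remediation_command(f"{metric}-alarm", metric, SNS_ARN, namespace)))
```

The check deliberately requires the action to be an SNS topic ARN rather than any action at all: an alarm whose only action stops an instance or scales a group would still leave administrators unnotified, which is the failure the control is about.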

See Also

https://workbench.cisecurity.org/files/260