AWS CloudWatch
Overview
The AWS CloudWatch integration (regscale aws sync_cloudwatch) evaluates audit review and system monitoring controls (AU-6, SI-4).
Note: This integration is specifically for CloudWatch Logs, not CloudWatch Metrics. It collects log group configurations and assesses audit-related controls.
Command Syntax
regscale aws sync_cloudwatch [OPTIONS]
Basic Usage
# Sync CloudWatch logging configurations
regscale aws sync_cloudwatch --regscale-id 123 --create-evidence
# Filter by tags
regscale aws sync_cloudwatch \
--regscale-id 123 \
--tags Environment=Production \
--create-evidence
Evidence Collection Options
| Option | Description | Default |
|---|---|---|
| --create-evidence | Enable evidence collection | False |
| --create-ssp-attachment | Create evidence as SSP attachment | True |
| --evidence-control-ids | Comma-separated list of control IDs (e.g., 'AU-2,AU-3,AU-6,AU-9,AU-11,AU-12,SI-4') | All controls |
| --evidence-frequency | Evidence update frequency in days | 30 |
Collect Evidence for Specific Controls
regscale aws sync_cloudwatch --regscale-id 123 \
--create-evidence \
--evidence-control-ids AU-2,AU-3,AU-6,AU-9,AU-11
NIST 800-53 Controls Assessed
- AU-2 (Audit Events): Log groups configured to capture events
- AU-3 (Content of Audit Records): Comprehensive log data captured
- AU-6 (Audit Review, Analysis, and Reporting): Subscription filters and metric filters
- AU-9 (Protection of Audit Information): KMS encryption enabled for log groups
- AU-11 (Audit Record Retention): Retention policies configured (minimum 90 days)
- AU-12 (Audit Generation): Active log groups receiving data
- SI-4 (System Monitoring): Real-time monitoring via subscription and metric filters
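To preview which log groups are likely to produce findings before a sync, the criteria listed above can be checked locally. The following is an added example, not RegScale's own assessment code: the function names, the sample data and the pass/fail rules (including treating "never expire" retention as compliant and using stored bytes as a proxy for an active log group) are assumptions, while the field names follow the CloudWatch Logs DescribeLogGroups response.

```python
# Added example: local pre-check of log group settings against the criteria
# listed above. Not RegScale's implementation; rules here are assumptions.

MIN_RETENTION_DAYS = 90  # AU-11 minimum stated on this page

# Constructed sample data shaped like DescribeLogGroups output.
SAMPLE_LOG_GROUPS = [
    {"logGroupName": "/aws/lambda/orders", "retentionInDays": 30,
     "metricFilterCount": 0, "storedBytes": 1048576},
    {"logGroupName": "/aws/cloudtrail/main", "retentionInDays": 365,
     "kmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE",
     "metricFilterCount": 3, "storedBytes": 52428800},
    {"logGroupName": "/app/legacy", "metricFilterCount": 0, "storedBytes": 0},
]
# Constructed: log group name -> number of subscription filters.
SAMPLE_SUBSCRIPTIONS = {"/aws/cloudtrail/main": 1}


def assess_log_group(group, subscription_count=0):
    """Return {control_id: finding} for each check the log group fails."""
    findings = {}
    if not group.get("kmsKeyId"):
        findings["AU-9"] = "no KMS key associated with log group"
    # retentionInDays is absent when events never expire; assumed compliant.
    retention = group.get("retentionInDays")
    if retention is not None and retention < MIN_RETENTION_DAYS:
        findings["AU-11"] = f"retention {retention}d is below {MIN_RETENTION_DAYS}d"
    # Assumption: zero stored bytes is used as a proxy for "not receiving data".
    if group.get("storedBytes", 0) == 0:
        findings["AU-12"] = "log group holds no data"
    # Assumption: fail only when neither kind of filter is present.
    if group.get("metricFilterCount", 0) == 0 and subscription_count == 0:
        findings["AU-6"] = findings["SI-4"] = "no metric or subscription filters"
    return findings


def assess_all(groups, subscriptions):
    """Map each log group name to its failed-control findings."""
    return {g["logGroupName"]: assess_log_group(g, subscriptions.get(g["logGroupName"], 0))
            for g in groups}


if __name__ == "__main__":
    for name, findings in assess_all(SAMPLE_LOG_GROUPS, SAMPLE_SUBSCRIPTIONS).items():
        print("PASS" if not findings else "FAIL", name)
        for control, reason in sorted(findings.items()):
            print(f"    {control}: {reason}")
```

Against a real account, the same dictionaries can be filled from the DescribeLogGroups and DescribeSubscriptionFilters API responses in place of the constructed samples.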
Evidence Collected
- Log group configurations and retention policies
- Encryption status (KMS key IDs)
- Metric filter configurations
- Subscription filter setups
- Storage metrics (bytes stored)
- Log group tags
Filter by Log Group Prefix
Filter CloudWatch log groups by name prefix:
regscale aws sync_cloudwatch --regscale-id 123 \
--log-group-prefix /aws/lambda/ \
--create-evidence
What Gets Created in RegScale
- Control Assessments: AU-6, SI-4
- Evidence: Log groups, retention policies, metric filters
- Issues: Short retention, no metric filters
Common Use Cases
# Production monitoring audit
regscale aws sync_cloudwatch \
--regscale-id 123 \
--tags Environment=Production \
--create-evidence \
--evidence-control-ids AU-6,SI-4 \
--create-issues
