AWS CloudTrail Template
AWS CloudTrail Standard Datasource
The following controls can be applied to SWIFT software from within the Standard pre-configured datasource:
|
Action |
Subaction |
Condition |
| System Management | ||
| Virtual Machine Modification | Alter Virtual Machine Configuration | EventName=ModifyInstanceAttribute |
| Authentication Creation | Create Authentication | EventName=CreateAccessKey |
| Bucket Creation | Create Bucket | EventName=CreateBucket |
| Authentication Deletion | Drop Authentication | EventName=DeleteAccessKey |
| Bucket Deletion | Drop Bucket | EventName=DeleteBucket |
| Authentication Modification | Alter Authentication | EventName=UpdateAccessKey |
| Policy Rule Creation | Create Policy Rule | EventName=Createpolicy |
| Policy Rule Deletion | Drop Policy Rule | EventName=DeletePolicy |
| Virtual Machine Power Off | Virtual Machine power Off | EventName=TerminateInstances |
| Virtual Machine Stopped | Virtual Machine Stopped | EventName=StopInstances |
| Virtual Machine Power On | Virtual Machine Power On | EventName=RunInstances |
| Virtual Machine Rebooted | Virtual Machine Rebooted | EventName=RebootInstances |
| Virtual Machine Started | Virtual Machine Started | EventName=StartInstances |
| User Activity | ||
| Interactive Logon Failure | Logon Failed Interactive | EventName=ConsoleLogin and responseElements['ConsoleLogin']=Failure |
| Interactive Login | Logon Successful Interactive | EventName=ConsoleLogin and responseElements['ConsoleLogin']=Success |
| Users' Management | ||
| Create Login Profile | Grant Permission LoginProfile | EventName=CreateLoginProfile |
| Grant Permission To User | Grant Permission User | EventName=AttachUserPolicy |
| Group Right Assignment | Grant Permission Group | EventName=AttachGroupPolicy |
| Group Creation | Create Group Role Profile Group | EventName=CreateGroup |
| Role Creation | Create Group Role Profile Role | EventName=CreateRole |
| Role Right Assignment | Grant Permission Role | EventName=AttachRolePolicy |
| Group Deletion | Drop Group Role Profile Group | EventName=DeleteGroup |
| Role Deletion | Drop Group Role Profile Role | EventName=DeleteRole |
| Group Modification | Alter Group Role Profile Group | EventName=UpdateGroup |
| Role Modification | Alter Group Role Profile Role | EventName=UpdateRole |
| Update Assume Role Policy | Alter Group Role Profile Update Assume Role Poilcy | EventName=UpdateAssumeRolePolicy |
| Password Modification | Password Changed | EventName=ChangePassword |
| Update Login Profile | Alter Persmission Login Profile | EventName=UpdateLoginProfile |
| Delete Login Profile | Revoke Permission LoginProfile | EventName=DeleteLoginProfile |
| Revoke Group Permission | Revoke Permission Group | EventName=DetachGroupPolicy |
| Revoke Permission To User | Revoke Permission User | EventName=DetachUserPolicy |
| Revoke Role Permission | Revoke Permission Role | EventName=DetachRolePolicy |
| User Addition To Group | Add to Group Role Profile Group | EventName=AddUserToGroup |
| Cloud Service Account Creation | Create Cloud Service Account | EventName=CreateUser |
| Cloud Service Account Deletion | Drop Cloud Service Account | EventName=DeleteUser |
| User Removal From Group | Remove From Group Role Profile Group | EventName=RemoveUserFromGroup |