Reply To: API logging and new API keys detection

  • TutorialsDojo-Support

    Member
    September 22, 2020 at 10:12 pm

    Hello daniel-15,

    Thank you for your feedback.

    “Create a config rule in AWS Config that detects when AWS CloudTrail is disabled. Set another rule to monitor any calls to the create-api-key by the root IAM user. Set up a Lambda to reenable CloudTrail logs and deactivate the root API keys.”

    How do you create a Config rule to monitor calls to create-api-keys? By default, I only see four IAM-related events in the Config triggers. Does this rely on making a custom trigger?

    Yes, you will need to add a Custom Rule with a trigger on AWS Config for detecting calls to create-api-keys for the root account. That’s why you will also need to write a Lambda function for it to check that API call and deactivate the key if it is created.

    Although AWS provides several AWS Config rules by default, you can always create your own rules. AWS Config is also integrated with SSM Automation, which you can use to run your SSM Automation documents to automate remediation of any violation detected by AWS Config.

    Hope this helps. If you have any other concerns, we’d be happy to hear them.

    Regards,

    Kenneth Samonte @ Tutorials Dojo
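The reply above describes a custom AWS Config rule backed by a Lambda function that checks for root access keys. The following is an added example (not code from the post or from Tutorials Dojo) of what that Lambda can look like: a periodic custom rule that calls iam:GetAccountSummary, reads the AccountAccessKeysPresent counter, and reports the account as COMPLIANT or NON_COMPLIANT through config:PutEvaluations. It also includes a small classifier for CloudTrail records so that the CreateAccessKey call itself, made by the root user, can be matched (for example from an EventBridge rule on CloudTrail events, which is the assumed alternative wiring; AWS Config does not hand CloudTrail records to a rule directly). The Lambda role name, the sample SummaryMap values and the sample CloudTrail records are all constructed for this example. One caveat a practitioner should keep in mind: IAM only lets the root user itself manage root access keys, so a Lambda running under an IAM role can report the key but cannot deactivate it; the evaluation here therefore annotates the finding for a human to act on.

```python
"""Periodic AWS Config custom rule Lambda that reports whether the account root
user has access keys, plus a classifier for CloudTrail CreateAccessKey records.
Added example for the forum thread; not Tutorials Dojo's code. Assumes (hypothetical)
a Lambda execution role allowed to call iam:GetAccountSummary and config:PutEvaluations."""
import json

COMPLIANT = "COMPLIANT"
NON_COMPLIANT = "NON_COMPLIANT"


def evaluate_root_keys(summary_map, account_id, ordering_timestamp):
    """Build one AWS Config evaluation for the account from the SummaryMap that
    iam:GetAccountSummary returns. AccountAccessKeysPresent is 1 when the root
    user has at least one access key and 0 otherwise."""
    present = int(summary_map.get("AccountAccessKeysPresent", 0)) > 0
    return {
        "ComplianceResourceType": "AWS::::Account",
        "ComplianceResourceId": account_id,
        "ComplianceType": NON_COMPLIANT if present else COMPLIANT,
        "Annotation": (
            "Root user has an access key; root must remove it and any credentials "
            "that used it should be rotated" if present
            else "Root user has no access keys"
        ),
        "OrderingTimestamp": ordering_timestamp,
    }


def root_created_access_key(record):
    """Return the new access key ID if this CloudTrail record is a successful
    CreateAccessKey call made by the root user, otherwise None."""
    if record.get("eventSource") != "iam.amazonaws.com":
        return None
    if record.get("eventName") != "CreateAccessKey":
        return None
    if record.get("userIdentity", {}).get("type") != "Root":
        return None
    if record.get("errorCode"):  # denied or failed call: no key was created
        return None
    response = record.get("responseElements") or {}
    return response.get("accessKey", {}).get("accessKeyId")


def lambda_handler(event, context):
    """Entry point when AWS Config invokes the rule on its schedule."""
    import boto3  # imported here so the pure functions above stay testable offline

    invoking = json.loads(event["invokingEvent"])
    if invoking.get("messageType") != "ScheduledNotification":
        return {"skipped": invoking.get("messageType")}
    summary = boto3.client("iam").get_account_summary()["SummaryMap"]
    evaluation = evaluate_root_keys(
        summary, invoking["awsAccountId"], invoking["notificationCreationTime"]
    )
    boto3.client("config").put_evaluations(
        Evaluations=[evaluation], ResultToken=event["resultToken"]
    )
    return evaluation


# Constructed sample inputs (not real AWS output) for running this file directly.
SAMPLE_SUMMARY_WITH_ROOT_KEY = {"AccountAccessKeysPresent": 1, "Users": 12}
SAMPLE_SUMMARY_CLEAN = {"AccountAccessKeysPresent": 0, "Users": 12}
SAMPLE_ROOT_CREATE_KEY = {
    "eventSource": "iam.amazonaws.com",
    "eventName": "CreateAccessKey",
    "userIdentity": {"type": "Root", "accountId": "111122223333"},
    "responseElements": {
        "accessKey": {"accessKeyId": "AKIAEXAMPLEROOTKEY00", "status": "Active"}
    },
}
SAMPLE_IAM_USER_CREATE_KEY = {
    "eventSource": "iam.amazonaws.com",
    "eventName": "CreateAccessKey",
    "userIdentity": {"type": "IAMUser", "userName": "deploy-bot"},
    "responseElements": {
        "accessKey": {"accessKeyId": "AKIAEXAMPLEUSERKEY00", "status": "Active"}
    },
}

if __name__ == "__main__":
    print(evaluate_root_keys(SAMPLE_SUMMARY_WITH_ROOT_KEY, "111122223333",
                             "2020-09-22T22:12:00Z")["ComplianceType"])
    print(root_created_access_key(SAMPLE_ROOT_CREATE_KEY))
    print(root_created_access_key(SAMPLE_IAM_USER_CREATE_KEY))
```

Wire the rule up as a custom Config rule with a periodic trigger (the Lambda receives a ScheduledNotification message), and pair it with the managed rule that checks CloudTrail is enabled so that the detection path itself is monitored, as the quoted exam option describes.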