CloudCheckr can alert when any number of critical events occurs within your AWS account. These alerts, which can be delivered via email, SNS topic, or PagerDuty, are also logged within your CloudCheckr account to be reviewed at any time.
With CloudCheckr you can be alerted when you approach your monthly budget, when someone accesses your account using the Root user account, when a publicly accessible resource is launched, plus several other important scenarios. These alerts can
be found within their own section of the report navigation within each account. From there you can choose to manage Cost, Utilization, and CloudTrail alerts.
Within each section you'll find an Alert Manager, where you can create/modify/delete your alerts,
and an Alert Results page where you can track your triggered alerts.
Create Cost Alerts
Go to the left navigation pane and choose Cost > Alerts > Manager. The Alert Manager page will open.
Click the New Alert button. The Cost Alert Builder opens.
The Cost Alert Builder allows you to create user-defined alerts based on a defined billing budget.
Create Utilization Alert
Go to the left navigation pane and choose Utilization > Alerts > Manager. The Alert Manager page will open.
Click the New Alert button.
The Utilization Alert Builder allows you to create alerts to monitor the utilization of your resources.
You can choose from the following types of utilization alerts:
EC2 Number of Instances: the number of EC2 instances running in your AWS account.
EC2 Resource Utilization: the average CPU for the last 24 hours of any instances in your AWS account.
New Publicly Accessible Resources: the availability of new public resources within the last 48 hours.
Reserved Instance Utilization: notifies you if a reserved instance is under or unutilized.
Resource Changes (via Config): shows you any changes in resources based on your AWS config data.
S3 Storage Used: the total S3 storage across all of your buckets.
S3 Total Objects: the total number of S3 objects stored across all of your buckets.
In addition, you can configure how you want to be notified (email, SNS, PagerDuty, etc.)
Explore the Alert Manager
The Alert Manager is where you can view and manage all of your created acccounts.
You can take the following actions on any alert:
Delete: click X to the far right of the alert to delete it.
This cannot be undone.
Disable: click On to the right of the alert to disable it. No alerts will be triggered on disabled alerts. They can be re-enabled at any time by clicking Off.
Edit: click the name of any alert that you would like to edit and modfiy any configuration options as needed.
In addition to the notification sent when an alert is triggered, the details of the alert will be saved on the Alerts results page. You can filter this page by the alert type, the specific alert name, as well as the start and/or end date of the alert.
To access and create a CloudTrail alert:
Go to the left navigation pane and choose Security > Alerts > CloudTrail > Manager. The Alert Manager page will open.
Click the New Alert button. The CloudTrail Alert Builder opens.
The CloudTrail Alerts section focuses on security alerts. They use CloudTrail data from your account. To use these alerts, you must have CloudTrail enabled on your account and CloudTrail permissions must be added to your permissions policy. Although similar to other alerts, CloudTrail alerts also include uniquie features such as pre-configured alerts.
CloudTrail Alert Manager – Built-In Alerts
The CloudTrail Alert Manager allows you to enable/disable CloudCheckr’s recommended pre-configured Built-In CloudTrail alerts, or manage your custom alerts. Within the Built-In Alerts tab, you enable or disable the pre-configured alerts. You can click any alerts to see specific events and parameters that will trigger the alert, as well as configure the notification method. The Built-In Alerts allow you to quickly enable alerts without having to scour through the list of events to find the correct event types for your alert.
CloudTrail Alert Manager – Custom Alerts
The CloudTrail Custom Alert Builder allows you to create alerts based on all available events that are logged by the AWS CloudTrail service, including resource creation and deletion, modifications to IAM policies, and VPC reconfigurations. You can copy
any pre-existing Built-In alert and modify its parameters, or you can click the Create New Alert button to create an alert from scratch. hen creating CloudTrail alerts you can filter the alerts by events coming from specific AWS regions, services, or
from specific IAM users. You can also only be alerted to events that occur within (or outside) of specific IP ranges, that occur against specific resources, or that contain specific Response and/or Request parameters. This gives you flexibility to
be alerted to the precise activity that's important to you. You also have the ability to ignore specific results to eliminate any noise, and review those ignored items later if necessary.
CloudTrail Alert Results
In addition to the notification sent when an Alert is triggered, the details of the Alert will be saved within the CloudTrail Alert Results page of your CloudCheckr account. This report offers several filtering options and the ability to choose which columns to show in the results. You can expand any alert to see further details, including the raw JSON of the CloudTrail event that triggered the alert. You also have the ability to ignore individual results.