We have a trail created, and it is dumping into a CloudWatch Logs group.
From there I have created a metric filter for various activities we wish to monitor (root access, IAM role changes, deletions, etc.). I have then created alarms to send to our SNS topic of choice.
Is there a way to have that alarm also carry over the event info that triggers the alarm?
Instead of just saying metric > 1, we would also like to send over the event info that caused the alarm to trip as a Slack message for at-a-glance info.