0

Is there a way to find out if there is a change made to any of the IAM resources (policies, users, roles) and trigger an SNS topic, other than AWS Config recording? AWS Config recording is already configured to send an SNS alarm to the security team, and I want to have another recording just for IAM resources. Please let me know.

pyhotshot
What about using [SNS filter policies](https://docs.aws.amazon.com/sns/latest/dg/sns-message-filtering.html) to filter out IAM changes and send them to a different subscriber? – Marcin Mar 03 '20 at 23:39

1 Answer

0

Amazon CloudWatch Events can send notifications when particular API calls are made, and it can send Amazon SNS messages.

See: Creating a CloudWatch Events Rule That Triggers on an Event - Amazon CloudWatch Events

John Rotenstein
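A sketch of the CloudWatch Events rule the answer describes, added here as an example and not part of the original answer: an event pattern for IAM write calls delivered via CloudTrail, a simplified local matcher to check the pattern against constructed sample events, and a `deploy` function that creates the rule with an SNS target. The rule name, target Id and prefix list are assumptions.

```python
import json

# Pattern for a CloudWatch Events rule: IAM write calls recorded by CloudTrail.
# The prefix list is an assumed selection; extend it for the calls you care about.
IAM_CHANGE_PATTERN = {
    "source": ["aws.iam"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {
        "eventSource": ["iam.amazonaws.com"],
        "eventName": [{"prefix": p} for p in (
            "Create", "Delete", "Update", "Put", "Attach", "Detach", "Add", "Remove")],
    },
}

def _value_ok(have, want):
    if isinstance(want, dict):  # {"prefix": "..."} matcher
        return isinstance(have, str) and have.startswith(want["prefix"])
    return have == want

def matches(pattern, event):
    """Simplified local check (exact values and prefixes only), not the AWS matcher."""
    for key, want in pattern.items():
        have = event.get(key)
        if isinstance(want, dict):
            if not isinstance(have, dict) or not matches(want, have):
                return False
        elif not any(_value_ok(have, w) for w in want):
            return False
    return True

def deploy(topic_arn, rule_name="iam-change-alerts"):
    """Create the rule with the SNS topic as target (rule_name is a hypothetical name)."""
    import boto3  # imported here so the local check runs without AWS access
    events = boto3.client("events", region_name="us-east-1")  # IAM events arrive here
    events.put_rule(Name=rule_name, EventPattern=json.dumps(IAM_CHANGE_PATTERN),
                    State="ENABLED")
    events.put_targets(Rule=rule_name, Targets=[{"Id": "iam-sns", "Arn": topic_arn}])

def _sample(source, event_source, name):
    # Constructed sample event, trimmed to the fields the pattern inspects.
    return {"source": source, "detail-type": "AWS API Call via CloudTrail",
            "detail": {"eventSource": event_source, "eventName": name}}

SAMPLES = [
    _sample("aws.iam", "iam.amazonaws.com", "AttachRolePolicy"),
    _sample("aws.iam", "iam.amazonaws.com", "ListRoles"),
    _sample("aws.ec2", "ec2.amazonaws.com", "CreateTags"),
]

if __name__ == "__main__":
    for ev in SAMPLES:
        print(ev["detail"]["eventName"], matches(IAM_CHANGE_PATTERN, ev))
```

For the rule to fire, a CloudTrail trail must be logging management events, and the SNS topic's access policy must allow `events.amazonaws.com` to publish to it.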