Real-time alerts for AWS resources created publicly using CloudQuery or other tools

Does anyone have any idea how we can catch real-time alerts for our AWS cloud, like anything getting created publicly, either using CloudQuery or with any other tool?

We have announced an event-based sync for AWS. This will enable you to sync data in near real time. Check out the blog post to see the details and the link to sign up: Announcing CloudQuery AWS Event-Based Sync (Beta)

Adding to that, another way to do it with the free AWS plugin is to use, for example, Grafana alerts. This way, you can alert on any SQL query any time they change.

So, let’s say you set up CloudQuery to sync every X hours. Every time there is data that is not according to a specific SQL query, Grafana can send alerts to your Slack, Email, or anywhere else. It won’t be real-time, but it will depend on how often you run syncs. If you want real-time alerts, then you will need to use the event-driven plugin and set up the Grafana alert.

If you are using Security Hub to aggregate findings from different sources, you can easily build something using EventBridge and Lambda to notify using SNS/SES or send data to a webhook (Google Chat or Slack) to alert on the things you consider relevant.

I also recommend that you have a look at IAM Access Analyzer; it’s a great tool for spotting which of your resources are publicly available, and it integrates with Security Hub.
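The EventBridge and Lambda route suggested above, sketched as an added example (not code from this thread, CloudQuery or AWS): a Lambda handler for `Security Hub Findings - Imported` events that keeps only active IAM Access Analyzer findings reporting public access and posts them to a webhook. The `WEBHOOK_URL` environment variable, the `post` parameter and the title-based public-access match are assumptions, and the sample event is constructed.

```python
import json
import os
import urllib.request

# Assumptions: Access Analyzer findings reach Security Hub with this ProductArn
# suffix, and public ones say "allows public access" in the Title.
ANALYZER_SUFFIX = "product/aws/access-analyzer"
PUBLIC_MARKER = "allows public access"

def public_findings(event):
    """Return active Access Analyzer findings that report public access."""
    if event.get("detail-type") != "Security Hub Findings - Imported":
        return []
    hits = []
    for f in event.get("detail", {}).get("findings", []):
        if not f.get("ProductArn", "").endswith(ANALYZER_SUFFIX):
            continue
        if f.get("RecordState") != "ACTIVE":  # archived = no longer exposed
            continue
        if f.get("Workflow", {}).get("Status") in ("SUPPRESSED", "RESOLVED"):
            continue
        if PUBLIC_MARKER in f.get("Title", "").lower():
            hits.append(f)
    return hits

def slack_payload(f):
    """Build the JSON body for a Slack-style incoming webhook."""
    res = ", ".join(r.get("Id", "?") for r in f.get("Resources", []))
    sev = f.get("Severity", {}).get("Label", "UNKNOWN")
    return {"text": f"[{sev}] Public resource in account {f.get('AwsAccountId')}: {res}"}

def send_to_webhook(payload):
    """POST to the URL in WEBHOOK_URL (hypothetical environment variable)."""
    req = urllib.request.Request(os.environ["WEBHOOK_URL"], json.dumps(payload).encode(),
                                 {"Content-Type": "application/json"})
    urllib.request.urlopen(req, timeout=5).close()

def handler(event, context, post=send_to_webhook):
    """Lambda entry point; `post` can be swapped out for offline testing."""
    findings = public_findings(event)
    for f in findings:
        post(slack_payload(f))
    return {"alerted": len(findings)}

# Constructed sample event (not real data): one active and one archived finding.
def _finding(title, state):
    return {"ProductArn": "arn:aws:securityhub:us-east-1::product/aws/access-analyzer",
            "Title": title, "RecordState": state, "Workflow": {"Status": "NEW"},
            "Severity": {"Label": "HIGH"}, "AwsAccountId": "111122223333",
            "Resources": [{"Id": "arn:aws:s3:::example-bucket"}]}

_TITLE = "AwsS3Bucket/arn:aws:s3:::example-bucket/ allows public access"
SAMPLE_EVENT = {"source": "aws.securityhub", "detail-type": "Security Hub Findings - Imported",
                "detail": {"findings": [_finding(_TITLE, "ACTIVE"), _finding(_TITLE, "ARCHIVED")]}}
```

The matching EventBridge rule would filter on source `aws.securityhub` and detail-type `Security Hub Findings - Imported`, so the function is only invoked for Security Hub findings.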

Hey everyone,

Thank you so much for the suggestions.

@ben, I will definitely read the blog you have shared.

@certain-alpaca, I had this idea, but it takes a lot of effort. That’s why I was looking to see if there is anything open source that we can just plug and play.

That blog is really nice, thanks @ben!