CloudWatch Allows Cross-Account Sharing
Overview
Check whether CloudWatch permits cross-account sharing. Allowing cross-account access to CloudWatch may heighten the risk of exposing sensitive information across accounts. To adhere to the principles of least privilege and Zero Trust, ensure that usage permissions are granted on a per-resource basis.
Vendor
AWS
Cloud Service
IAM
References
https://docs.aws.amazon.com/IAM/latest/APIReference/API_Role.html
https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Cross-Account-Cross-Region.html
Severity
3
Item Types
AWS::IAM::Role
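
One way to run this check over IAM role data, as an added example that is not part of the original page or of any scanner's own logic. It assumes the sharing role carries the name CloudWatch-CrossAccountSharingRole used by the AWS cross-account setup, and that role records follow the shape of IAM GetRole output with the trust policy already decoded; the function names, account IDs and sample roles are constructed.

```python
import fnmatch
import re

# Assumption: the role name the AWS cross-account setup creates for sharing.
SHARING_ROLE = "CloudWatch-CrossAccountSharingRole"
ARN_ACCOUNT = re.compile(r"^arn:aws[a-z-]*:(?:iam|sts)::(\d{12}):")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def external_principals(role, own_account):
    """Return AWS principals outside own_account that the trust policy lets assume the role."""
    found = []
    doc = role.get("AssumeRolePolicyDocument", {})
    for stmt in _as_list(doc.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if not any(fnmatch.fnmatchcase("sts:assumerole", a) for a in actions):
            continue
        principal = stmt.get("Principal", {})
        if isinstance(principal, str):  # "Principal": "*" means anyone
            principal = {"AWS": principal}
        for p in _as_list(principal.get("AWS", [])):
            m = ARN_ACCOUNT.match(p)
            # No ARN match: a bare account ID or "*"; compare it directly.
            if (m.group(1) if m else p) != own_account:
                found.append(p)
    return found

def cloudwatch_sharing_findings(roles, own_account):
    """Map sharing-role name -> external principals; an empty dict means no finding."""
    findings = {}
    for role in roles:
        if role.get("RoleName") == SHARING_ROLE:
            external = external_principals(role, own_account)
            if external:
                findings[role["RoleName"]] = external
    return findings

# Constructed sample: account IDs and roles are made up for illustration.
SAMPLE_ROLES = [
    {"RoleName": SHARING_ROLE, "AssumeRolePolicyDocument": {"Statement": [
        {"Effect": "Allow", "Action": "sts:AssumeRole",
         "Principal": {"AWS": ["arn:aws:iam::111111111111:root",
                               "arn:aws:iam::999999999999:root"]}}]}},
    {"RoleName": "app-role", "AssumeRolePolicyDocument": {"Statement": [
        {"Effect": "Allow", "Action": "sts:AssumeRole",
         "Principal": {"Service": "ec2.amazonaws.com"}}]}},
]
```

Each reported principal is an account that can read whatever the role's attached policies expose, so review those policies alongside the trust policy.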