Ensure that the Amazon CloudWatch Events (Amazon EventBridge) default event bus in your AWS account is not configured to allow access to everyone (*), so that anonymous or arbitrary AWS accounts cannot send events to it. The default event bus lets AWS accounts share events with each other, which is useful between accounts that belong to the same organization or to organizations with an established trust relationship. The event bus has a resource-based access policy that specifies which AWS principals are allowed to send events (events:PutEvents) to the bus. To follow security best practices, manage the permissions defined for the default event bus so that only authorized accounts can send their event data.
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Using an overly permissive access policy for your CloudWatch default event bus allows any AWS account to send events to it. Those events are matched against the rules in your account and can trigger their targets (for example Lambda functions or SNS topics) with attacker-chosen event payloads.
To determine whether the CloudWatch default event bus in your AWS account allows access to everyone (*), perform the following actions:
Case A: To update the access permissions defined for the CloudWatch default event bus so that only specific AWS accounts are authorized to send event data to your account, perform the following actions:
Case B: To revoke public access to your AWS CloudWatch default event bus, perform the following actions:
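As an added example that is not part of the original Cloud Conformity rule page, the following Python script performs the audit step and both remediation cases on the policy document itself. It takes the JSON string that `aws events describe-event-bus --name default` returns in its Policy field, reports statements that grant events:PutEvents to a wildcard principal, and builds either the hardened policy to apply with `aws events put-permission --event-bus-name default --policy file://hardened.json` (Case A) or the policy with the public statements removed, whose Sids are what you would pass to `aws events remove-permission --statement-id` (Case B). The sample policy, account IDs and ARN are constructed placeholders and the function names are my own.

```python
"""Audit and harden an EventBridge (CloudWatch Events) event bus access policy.

Added example; works on the policy JSON string offline, no boto3 required.
"""
import json

# Constructed sample (placeholder account 111122223333): the policy that
# `aws events describe-event-bus --name default` returns after someone ran
# `aws events put-permission --action events:PutEvents --principal "*" --statement-id AllowEveryone`.
SAMPLE_PUBLIC_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowEveryone",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "events:PutEvents",
        "Resource": "arn:aws:events:us-east-1:111122223333:event-bus/default",
    }],
})

# Actions that let a caller put events on the bus (compared case-insensitively).
PUT_EVENTS_ACTIONS = {"events:putevents", "events:*", "*"}


def _as_list(value):
    """IAM policy fields may be a scalar or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_wildcard_principal(principal):
    """True for Principal "*" or Principal {"AWS": "*"}, i.e. anyone with AWS credentials."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def _load(policy_json):
    """Parse the policy string. An absent policy (describe-event-bus returns no Policy
    field) means no cross-account access at all, so it becomes an empty statement list."""
    if not policy_json:
        return {"Version": "2012-10-17", "Statement": []}
    policy = json.loads(policy_json)
    policy["Statement"] = _as_list(policy.get("Statement"))
    return policy


def _sid(statement, index):
    return statement.get("Sid", f"statement[{index}]")


def audit_event_bus_policy(policy_json):
    """Report Allow statements that grant PutEvents to a wildcard principal.

    Returns {"public": [sids], "conditional": [sids]}. "public" statements have no
    Condition and let anyone send events; "conditional" ones carry a Condition
    (typically aws:PrincipalOrgID, the normal way to share a bus with a whole
    organization) and need manual review rather than automatic removal.
    """
    result = {"public": [], "conditional": []}
    for i, stmt in enumerate(_load(policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        if not _is_wildcard_principal(stmt.get("Principal")):
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action"))}
        if not actions & PUT_EVENTS_ACTIONS:
            continue
        bucket = "conditional" if stmt.get("Condition") else "public"
        result[bucket].append(_sid(stmt, i))
    return result


def revoke_public_statements(policy_json):
    """Case B: drop every unconditional wildcard-principal Allow statement.

    Equivalent to running `aws events remove-permission --statement-id <Sid>` for
    each Sid reported under "public". Returns the remaining policy as a JSON string.
    """
    public = set(audit_event_bus_policy(policy_json)["public"])
    policy = _load(policy_json)
    policy["Statement"] = [s for i, s in enumerate(policy["Statement"])
                           if _sid(s, i) not in public]
    return json.dumps(policy)


def restrict_policy_to_accounts(policy_json, allowed_accounts, bus_arn):
    """Case A: replace public access with one PutEvents grant per trusted account.

    Write the returned JSON to a file and apply it with
    `aws events put-permission --event-bus-name default --policy file://hardened.json`.
    """
    policy = json.loads(revoke_public_statements(policy_json))
    for account in allowed_accounts:
        if not (account.isdigit() and len(account) == 12):
            raise ValueError(f"not a 12-digit AWS account id: {account!r}")
        policy["Statement"].append({
            "Sid": f"AllowAccount{account}",
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{account}:root"},
            "Action": "events:PutEvents",
            "Resource": bus_arn,
        })
    return json.dumps(policy)


if __name__ == "__main__":
    print("audit:", audit_event_bus_policy(SAMPLE_PUBLIC_POLICY))
    hardened = restrict_policy_to_accounts(
        SAMPLE_PUBLIC_POLICY, ["444455556666"],
        "arn:aws:events:us-east-1:111122223333:event-bus/default")
    print(json.dumps(json.loads(hardened), indent=2))
```

Statements whose wildcard principal carries a Condition are reported separately on purpose: a policy such as Principal "*" with a StringEquals on aws:PrincipalOrgID is how an organization shares a bus with all of its accounts, and removing it blindly would break that sharing without making the bus any less exposed to the accounts it was meant for. Review those by hand and confirm the organization ID is your own.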