Monitoring Security Groups with Amazon CloudWatch Events
Lab policy should include the ability to Revoke Ingress Rules so the security group could be corrected. The time for this lab was also way off; I finished it in under 20 minutes, and that was after trying to add the Revoke Ingress Rules to my profile. Also, it would be helpful to note that failed API calls are seen and evaluated by Lambda; having a segment to show and discuss filtering that only allows for successful API calls to be evaluated would be helpful.
Step 56 should be changed to enter "This permission must be" in the CloudWatch search box so that both the ones needing adding and revoking show up.
FYI: There was an error "User: arn:aws:sts::384732153490:federated-user/tim is not authorized to perform: kms:ListAliases" on the Lambda function creation screen.
Good example of how this works. Very good comment at the end of why the function does not fix the group itself.
Error with permissions
At the end, the Lambda function is a black box; it would be better to at least copy and paste the Lambda function instead of using the one stored on S3.
Better than the previous - explanations were more detailed. Thank you
COMPLETED SUCCESSFULLY