Open Source

Monitor Your AWS Organization with CloudWatch Alarms

Open-source CloudFormation templates for automated AWS security monitoring. Deploy in minutes and get email alerts for critical events:

  • 🚨 Access Denied Events
  • 👤 IAM User Creation & Deletion
  • 🔒 Policy Attachments
  • 🔐 SSO Authentication Events

🚀 Deploy to AWS View on GitHub

Why Choose Cloudwatcher?

Deploy in Minutes

One-click CloudFormation deployment. No complex setup, no external dependencies. Just deploy and start monitoring.

AWS-Native Solution

Built entirely on AWS services: CloudWatch, Lambda, and SNS. No data leaves your AWS account.

Community Supported

Open source and maintained by the community. Contribute, customize, and improve together.

🎉 Now Open Source!

Cloudwatcher is now completely free and open source. Deploy it in your AWS account, customize it to your needs, and contribute back to the community.

100% Free

No subscription fees, no hidden costs

Fully Customizable

Modify templates to fit your needs

Community Driven

Contribute and improve together

MIT Licensed

Use it anywhere, commercially or personally

Security Events We Monitor

Cloudwatcher monitors your CloudTrail logs and triggers CloudWatch alarms for these critical security events:

Access Denied

Failed authorization attempts that could indicate unauthorized access attempts.

GetCallerIdentity

Identity verification calls often used by attackers to validate stolen credentials.

AttachUserPolicy

Policy attachments to users that could escalate privileges.

Authenticate

SSO authentication events to track login activity across your organization.

CreateUser

New IAM user creation that could indicate unauthorized account creation.

DeleteUser

IAM user deletion events to track account removal.

IAM User Activity

General IAM user activity monitoring for comprehensive visibility.

All Configurable

Enable or disable any alarm based on your specific security requirements.

Deploy in 3 Simple Steps

1

Click Deploy Button

Launch the CloudFormation stack with pre-configured parameters. Deployment takes about 5 minutes.

2

Confirm Email Subscription

Check your inbox for the SNS confirmation email and click the confirmation link.

3

Receive Alerts

Start receiving formatted email notifications whenever a security event is detected in your AWS Organization.

Quick Deploy

Click the button below to deploy the CloudFormation stack directly to your AWS account. The template will create all necessary CloudWatch alarms, metric filters, and Lambda functions.

Deploy to AWS View on GitHub

⚠️ Important: After deployment, you'll receive an SNS confirmation email. You must click the confirmation link to start receiving alerts. Check your spam folder if you don't see it!

Join the Cloudwatcher Community

Cloudwatcher is open source and community-driven. Whether you want to contribute code, report issues, or just stay updated – we'd love to have you involved!

Contribute on GitHub

Submit issues, pull requests, or star the repository to show your support.

View Repository

Get in Touch

Have questions, need support, or want to discuss custom implementations?

Contact Us

Read the Docs

Check out the README for detailed deployment instructions and architecture details.

View Documentation

💡 Share Your Ideas

Have an idea for a new alarm or feature? We'd love to hear from you! Open an issue on GitHub or reach out.

Together, we can make AWS security monitoring accessible to everyone.

Frequently Asked Questions

Get clear answers about Cloudwatcher – the open-source AWS security monitoring solution. Have more questions? Feel free to reach out.

Get in touch