TEMPLATE:# AWS Cloudtrail event names - https://www.gorillastack.com/news/important-aws-cloudtrail-security-events-tracking used as reference
AttachLoadBalancers:Autoscaling
DetachLoadBalancers:Autoscaling
PutScalingPolicy:Autoscaling
TerminateInstanceInAutoScalingGroup:Autoscaling
CancelUpdateStack:Cloudformation
CreateStack:Cloudformation
DeleteStack:Cloudformation
UpdateStack:Cloudformation
DeleteConfigRule:AWS Config
DeleteConfigurationRecorder:AWS Config
DeleteDeliveryChannel:AWS Config
DeleteEvaluationResults:AWS Config
PutConfigurationRecorder:AWS Config
PutConfigRule:AWS Config
PutDeliveryChannel:AWS Config
PutEvaluations:AWS Config
StartConfigRulesEvaluation:AWS Config
StartConfigurationRecorder:AWS Config
StopConfigurationRecorder:AWS Config
RunInstances:EC2
StartInstances:EC2
StopInstances:EC2
TerminateInstances:EC2
AbortEnvironmentUpdate:Elastic Beanstalk
CreateApplication:Elastic Beanstalk
CreateApplicationVersion:Elastic Beanstalk
CreateConfigurationTemplate:Elastic Beanstalk
CreateEnvironment:Elastic Beanstalk
CreateStorageLocation:Elastic Beanstalk
DeleteApplication:Elastic Beanstalk
DeleteApplicationVersion:Elastic Beanstalk
DeleteConfigurationTemplate:Elastic Beanstalk
DeleteEnvironmentConfiguration:Elastic Beanstalk
RebuildEnvironment:Elastic Beanstalk
RestartAppServer:Elastic Beanstalk
SwapEnvironmentCNAMEs:Elastic Beanstalk
TerminateEnvironment:Elastic Beanstalk
UpdateApplication:Elastic Beanstalk
UpdateApplicationVersion:Elastic Beanstalk
UpdateConfigurationTemplate:Elastic Beanstalk
UpdateEnvironment:Elastic Beanstalk
CreateFileSystem:EFS
CreateMountTarget:EFS
DeleteFileSystem:EFS
DeleteMountTarget:EFS
CreateListener:ELB
CreateLoadBalancer:ELB
CreateLoadBalancerListeners:ELB
CreateLoadBalancerPolicy:ELB
CreateTargetGroup:ELB
DeleteListener:ELB
DeleteLoadBalancer:ELB
DeleteLoadBalancerListeners:ELB
DeleteLoadBalancerPolicy:ELB
DeleteTargetGroup:ELB
DeregisterInstancesFromLoadBalancer:ELB
DeregisterTargets:ELB
DetachLoadBalancerFromSubnets:ELB
DisableAvailabilityZonesForLoadBalancer:ELB
EnableAvailabilityZonesForLoadBalance:ELB
ModifyListener:ELB
ModifyLoadBalancerAttributes:ELB
ModifyRule:ELB
ModifyTargetGroup:ELB
ModifyTargetGroupAttributes:ELB
RegisterInstancesWithLoadBalancer:ELB
RegisterTargets:ELB
RemoveTags:ELB
CreateDBCluster:RDS
CreateDBClusterParameterGroup:RDS
CreateDBClusterSnapshot:RDS
CreateDBInstance:RDS
CreateDBInstanceReadReplica:RDS
CreateDBParameterGroup:RDS
CreateDBSnapshot:RDS
CreateDBSubnetGroup:RDS
CreateOptionGroup:RDS
DeleteDBCluster:RDS
DeleteDBClusterParameterGroup:RDS
DeleteDBClusterSnapshot:RDS
DeleteDBInstance:RDS
DeleteDBParameterGroup:RDS
DeleteDBSnapshot:RDS
DeleteDBSubnetGroup:RDS
DeleteOptionGroup:RDS
FailoverDBCluster:RDS
ModifyDBCluster:RDS
ModifyDBClusterParameterGroup:RDS
ModifyDBInstance:RDS
ModifyDBParameterGroup:RDS
ModifyDBSnapshotAttribute:RDS
ModifyDBSubnetGroup:RDS
ModifyOptionGroup:RDS
PromoteReadReplica:RDS
RebootDBInstance:RDS
ResetDBClusterParameterGroup:RDS
ResetDBParameterGroup:RDS
RestoreDBClusterFromSnapshot:RDS
RestoreDBClusterToPointInTime:RDS
RestoreDBInstanceFromDBSnapshot:RDS
RestoreDBInstanceToPointInTime:RDS
ChangeResourceRecordSets:Route53
DeleteHealthCheck:Route53
CreateBucket:S3
DeleteBucket:S3
DeleteBucketLifecycle:S3
DeleteBucketReplication:S3
DeleteBucketTagging:S3
PutBucketLifecycle:S3
PutBucketLogging:S3
PutBucketNotification:S3
PutBucketReplication:S3
PutBucketRequestPayment:S3
PutBucketTagging:S3
PutBucketVersioning:S3
ConsoleLogin:Access
ExitRole:Access
RenewRole:Access
SwitchRole:Access
DeleteCertificate:Certificate Manager
RequestCertificate:Certificate Manager
ResendValidationEmail:Certificate Manager
StopLogging:Cloudtrail
AllocateConnectionOnInterconnect:Direct Connect
AllocateHostedConnection:Direct Connect
AllocatePrivateVirtualInterface:Direct Connect
AllocatePublicVirtualInterface:Direct Connect
AssociateConnectionWithLag:Direct Connect
AssociateHostedConnection:Direct Connect
AssociateVirtualInterface:Direct Connect
ConfirmConnection:Direct Connect
ConfirmPrivateVirtualInterface:Direct Connect
ConfirmPublicVirtualInterface:Direct Connect
CreateConnection:Direct Connect
CreateInterconnect:Direct Connect
CreateLag:Direct Connect
CreatePrivateVirtualInterface:Direct Connect
CreatePublicVirtualInterface:Direct Connect
DeleteConnection:Direct Connect
DeleteInterconnect:Direct Connect
DeleteLag:Direct Connect
DeleteVirtualInterface:Direct Connect
DisassociateConnectionFromLag:Direct Connect
UpdateLag:Direct Connect
AssociateIamInstanceProfile:EC2 - VPC
AssociateAddress:EC2 - VPC
AssociateRouteTable:EC2 - VPC
AssociateSubnetCidrBlock:EC2 - VPC
AssociateVpcCidrBlock:EC2 - VPC
AttachClassicLinkVpc:EC2 - VPC
AttachInternetGateway:EC2 - VPC
AttachNetworkInterface:EC2 - VPC
AllocateAddress:EC2 - VPC
AssignPrivateIpAddresses:EC2 - VPC
AttachVpnGateway:EC2 - VPC
CreateKeyPair:EC2 - VPC
CreateNatGateway:EC2 - VPC
CreateNetworkAcl:EC2 - VPC
CreateNetworkAclEntry:EC2 - VPC
CreateNetworkInterface:EC2 - VPC
CreateRoute:EC2 - VPC
CreateRouteTable:EC2 - VPC
CreateSecurityGroup:EC2 - VPC
CreateVpc:EC2 - VPC
CreateVpcEndpoint:EC2 - VPC
CreateVpcPeeringConnection:EC2 - VPC
CreateVpnConnection:EC2 - VPC
CreateVpnConnectionRoute:EC2 - VPC
CreateVpnGateway:EC2 - VPC
DeleteCustomerGateway:EC2 - VPC
DeleteDhcpOptions:EC2 - VPC
DeleteEgressOnlyInternetGateway:EC2 - VPC
DeleteInternetGateway:EC2 - VPC
DeleteKeyPair:EC2 - VPC
DeleteNatGateway:EC2 - VPC
DeleteNetworkAcl:EC2 - VPC
DeleteNetworkAclEntry:EC2 - VPC
DeleteNetworkInterface:EC2 - VPC
DeleteRoute:EC2 - VPC
DeleteRouteTable:EC2 - VPC
DeleteSecurityGroup:EC2 - VPC
DeleteVpcEndpoints:EC2 - VPC
DeleteVpcPeeringConnection:EC2 - VPC
DeleteVpnConnection:EC2 - VPC
DeleteVpnConnectionRoute:EC2 - VPC
DeleteVpnGateway:EC2 - VPC
DetachClassicLinkVpc:EC2 - VPC
DetachInternetGateway:EC2 - VPC
DetachNetworkInterface:EC2 - VPC
DetachVolume:EC2 - VPC
DetachVpnGateway:EC2 - VPC
DisableVgwRoutePropagation:EC2 - VPC
DisableVpcClassicLink:EC2 - VPC
DisassociateAddress:EC2 - VPC
DisassociateIamInstanceProfile:EC2 - VPC
DisassociateRouteTable:EC2 - VPC
DisassociateSubnetCidrBlock:EC2 - VPC
DisassociateVpcCidrBlock:EC2 - VPC
EnableVgwRoutePropagation:EC2 - VPC
EnableVolumeIO:EC2 - VPC
EnableVpcClassicLink:EC2 - VPC
AuthorizeSecurityGroupEgress:EC2 - Security Groups
AuthorizeSecurityGroupIngress:EC2 - Security Groups
RevokeSecurityGroupEgress:EC2 - Security Groups
RevokeSecurityGroupIngress:EC2 - Security Groups
ModifyMountTargetSecurityGroups:EFS
ApplySecurityGroupsToLoadBalancer:ELB
SetSecurityGroups:ELB
AuthorizeCacheSecurityGroupIngress:ElastiCache
CreateCacheSecurityGroup:ElastiCache
DeleteCacheSecurityGroup:ElastiCache
RevokeCacheSecurityGroupIngress:ElastiCache
AddClientIDToOpenIDConnectProvider:IAM
AddRoleToInstanceProfile:IAM
AddUserToGroup:IAM
AttachGroupPolicy:IAM
AttachRolePolicy:IAM
AttachUserPolicy:IAM
ChangePassword:IAM
CreateAccessKey:IAM
CreateAccountAlias:IAM
CreateGroup:IAM
CreateInstanceProfile:IAM
CreateLoginProfile:IAM
CreateOpenIDConnectProvider:IAM
CreatePolicy:IAM
CreatePolicyVersion:IAM
CreateRole:IAM
CreateSAMLProvider:IAM
CreateUser:IAM
CreateVirtualMFADevice:IAM
DeactivateMFADevice:IAM
DeleteAccessKey:IAM
DeleteAccountAlias:IAM
DeleteAccountPasswordPolicy:IAM
DeleteGroup:IAM
DeleteGroupPolicy:IAM
DeleteInstanceProfile:IAM
DeleteLoginProfile:IAM
DeleteOpenIDConnectProvider:IAM
DeletePolicy:IAM
DeletePolicyVersion:IAM
DeleteRole:IAM
DeleteRolePolicy:IAM
DeleteSAMLProvider:IAM
DeleteServerCertificate:IAM
DeleteSigningCertificate:IAM
DeleteSSHPublicKey:IAM
DeleteUser:IAM
DeleteUserPolicy:IAM
DeleteVirtualMFADevice:IAM
DetachGroupPolicy:IAM
DetachRolePolicy:IAM
DetachUserPolicy:IAM
EnableMFADevice:IAM
PutGroupPolicy:IAM
PutRolePolicy:IAM
PutUserPolicy:IAM
RemoveClientIDFromOpenIDConnectProvider:IAM
RemoveRoleFromInstanceProfile:IAM
RemoveUserFromGroup:IAM
ResyncMFADevice:IAM
SetDefaultPolicyVersion:IAM
UpdateAccessKey:IAM
UpdateAccountPasswordPolicy:IAM
UpdateAssumeRolePolicy:IAM
UpdateGroup:IAM
UpdateLoginProfile:IAM
UpdateOpenIDConnectProviderThumbprint:IAM
UpdateSAMLProvider:IAM
UpdateServerCertificate:IAM
UpdateSigningCertificate:IAM
UpdateSSHPublicKey:IAM
UpdateUser:IAM
UploadServerCertificate:IAM
UploadSigningCertificate:IAM
UploadSSHPublicKey:IAM
AuthorizeSnapshotAccess:Redshift
RevokeSnapshotAccess:Redshift
RotateEncryptionKey:Redshift
AuthorizeClusterSecurityGroupIngress:Redshift
CreateClusterSecurityGroup:Redshift
DeleteClusterSecurityGroup:Redshift
RevokeClusterSecurityGroupIngress:Redshift
AuthorizeDBSecurityGroupIngress:RDS
CreateDBSecurityGroup:RDS
DeleteDBSecurityGroup:RDS
RevokeDBSecurityGroupIngress:RDS
DeleteBucketCors:S3
DeleteBucketPolicy:S3
DeleteBucketWebsite:S3
PutBucketAcl:S3
PutBucketCors:S3
PutBucketPolicy:S3
PutBucketWebsite:S3
CreateByteMatchSet:WAF
CreateIPSet:WAF
CreateRule:WAF
CreateSizeConstraintSet:WAF
CreateSqlInjectionMatchSet:WAF
CreateWebACL:WAF
CreateXssMatchSet:WAF
DeleteByteMatchSet:WAF
DeleteIPSet:WAF
DeleteRule:WAF
DeleteSizeConstraintSet:WAF
DeleteSqlInjectionMatchSet:WAF
DeleteWebACL:WAF
DeleteXssMatchSet:WAF
UpdateByteMatchSet:WAF
UpdateIPSet:WAF
UpdateRule:WAF
UpdateSizeConstraintSet:WAF
UpdateSqlInjectionMatchSet:WAF
UpdateWebACL:WAF
UpdateXssMatchSet:WAF
AssociateDhcpOptions:Legacy Wazuh CDB
AttachVolume:Legacy Wazuh CDB
CopySnapshot:Legacy Wazuh CDB
CreateImage:Legacy Wazuh CDB
CreatePlacementGroup:Legacy Wazuh CDB
CreateSnapshot:Legacy Wazuh CDB
CreateSubnet:Legacy Wazuh CDB
CreateTags:Legacy Wazuh CDB
CreateVolume:Legacy Wazuh CDB
DeletePlacementGroup:Legacy Wazuh CDB
DeleteSnapshot:Legacy Wazuh CDB
DeleteTags:Legacy Wazuh CDB
DeleteVolume:Legacy Wazuh CDB
DeregisterImage:Legacy Wazuh CDB
DisableKey:Legacy Wazuh CDB
GetGroup:Legacy Wazuh CDB
ListAliases:Legacy Wazuh CDB
ListGroups:Legacy Wazuh CDB
ListUsers:Legacy Wazuh CDB
ModifyImageAttribute:Legacy Wazuh CDB
ModifyInstanceAttribute:Legacy Wazuh CDB
ModifyNetworkInterfaceAttribute:Legacy Wazuh CDB
ModifySnapshotAttribute:Legacy Wazuh CDB
ModifySubnetAttribute:Legacy Wazuh CDB
ModifyVolumeAttribute:Legacy Wazuh CDB
MonitorInstances:Legacy Wazuh CDB
RebootInstances:Legacy Wazuh CDB
RegisterImage:Legacy Wazuh CDB
UnmonitorInstances:Legacy Wazuh CDB
UpdateInstanceAlias:Legacy Wazuh CDB
