Description:

Lightsail provides object storage called a bucket that is used to store your data. You can add objects to your bucket by uploading files using the Lighsail console or by configuring your application to put content like logs or other application data in the bucket.


Rational:

You can configure Lightsail to notify you when a metric for Bucket storage crosses a specified threshold. Notifications can be in the form of a banner displayed in the Lightsail console, an email sent to an address you specify or an SMS text message sent to a mobile phone number you specify.


Impact:

If the alarm threshold is breached you will receive a notification in the Lightsail console, and, optionally, you can choose to receive an email message and/or SMS message.


Default Value:

By default, lightsail will not set any alarm.


Audit:

  1. Sign in to AWS Management console

  2. Go to the Lightsail service at https://lightsail.aws.amazon.com/

  3. Select the storage tab and choose the bucket and click on it to examine

  4. Go to the Metrics tab and check whether any alarm is configured

     

Remediation:

Pre-requisites:

  • Sign in as admin or IAM user with required permissions


Implementation Steps:

  1. Sign into AWS Management console

  2. Go to the Lightsail service at https://lightsail.aws.amazon.com/

  3. Select the storage tab and choose the bucket and click on it to modify

  4. Go to the Metrics tab and click on Add alarm

  5. Configure the threshold value as required

  6. Choose the notifying option from the list of options available

  7. Click on create

Via CLI:

put-alarm
--alarm-name <value>
--metric-name <value>
--monitored-resource-name <value>
--comparison-operator <value>
--threshold <value>
--evaluation-periods <value>
[--datapoints-to-alarm <value>]
[--treat-missing-data <value>]
[--contact-protocols <value>]
[--notification-triggers <value>

Backout plan:

  1. Sign into AWS Management console

  2. Go to the Lightsail service at https://lightsail.aws.amazon.com/

  3. Select the storage tab and choose the bucket and click on it to modify

  4. Go to the Metrics tab 

  5. At bottom Click on toggle button to disable the alarm or click on the side menu and select Delete Alarm to delete the alarm

Reference:

https://aws.amazon.com/lightsail/