[EC2] An alarm must be configured whenever Security Group change operations occur.


Situation 

  • An alert is required to track any changes to Security Groups made by users other than the administrator. 

Resolution 

  1. Create an SNS Topic 

  2. Configure SNS Subscription 

    • Create a subscription with the protocol set to email. 

    • A confirmation email is sent to the address provided; click "Confirm" in that email to complete the subscription.

  3. Create Change Security Group Event Rule 

    • EventBridge > Events > Rules > Create Rule 

      • Event Pattern > Use a predefined pattern provided by the service. 

      • Service Provider : AWS

      • Service Name : EC2

      • Event Type : AWS API Call via CloudTrail

      • Specific Operations : add AuthorizeSecurityGroupIngress, AuthorizeSecurityGroupEgress, RevokeSecurityGroupIngress, RevokeSecurityGroupEgress, CreateSecurityGroup, DeleteSecurityGroup

    • Link the created SNS topic as the event rule's target.
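The event pattern that the console steps above produce, as an added example that is not part of the original article: it builds the same EventBridge pattern (source `aws.ec2`, detail-type `AWS API Call via CloudTrail`, the six `eventName` values) as a JSON document and checks a few constructed CloudTrail events against it. Because the Situation asks for changes made by users other than the administrator, and the rule as described fires for every caller, the example also shows an optional `anything-but` filter on `detail.userIdentity.arn`; the administrator ARN is a placeholder assumption. The matcher implements only the exact-value and `anything-but` forms EventBridge offers, which is all this pattern needs.

```python
"""Build the Security Group change EventBridge pattern and test it offline."""
import json

# Placeholder administrator identity (assumption, not from the article).
ADMIN_ARN = "arn:aws:iam::123456789012:user/admin"

# The six operations listed in step 3 of the article.
SG_CHANGE_OPERATIONS = [
    "AuthorizeSecurityGroupIngress",
    "AuthorizeSecurityGroupEgress",
    "RevokeSecurityGroupIngress",
    "RevokeSecurityGroupEgress",
    "CreateSecurityGroup",
    "DeleteSecurityGroup",
]


def build_event_pattern(admin_arn=None):
    """Return the rule's event pattern as a dict (json.dumps it for put-rule).

    When admin_arn is given, an EventBridge 'anything-but' filter excludes
    calls made by that principal, matching the 'users other than the
    administrator' requirement.
    """
    pattern = {
        "source": ["aws.ec2"],
        "detail-type": ["AWS API Call via CloudTrail"],
        "detail": {
            "eventSource": ["ec2.amazonaws.com"],
            "eventName": SG_CHANGE_OPERATIONS,
        },
    }
    if admin_arn:
        pattern["detail"]["userIdentity"] = {"arn": [{"anything-but": [admin_arn]}]}
    return pattern


def _match_leaf(filters, value):
    """A leaf matches if any filter matches: exact string, or anything-but."""
    for f in filters:
        if isinstance(f, dict):
            if "anything-but" in f and value not in f["anything-but"]:
                return True
        elif f == value:
            return True
    return False


def matches(pattern, event):
    """Recursive subset match: every key in the pattern must match the event."""
    for key, sub in pattern.items():
        if key not in event:
            return False
        if isinstance(sub, dict):
            if not isinstance(event[key], dict) or not matches(sub, event[key]):
                return False
        elif not _match_leaf(sub, event[key]):
            return False
    return True


def _cloudtrail_event(event_name, caller_arn):
    """Constructed sample event in the shape EventBridge receives from CloudTrail."""
    return {
        "source": "aws.ec2",
        "detail-type": "AWS API Call via CloudTrail",
        "detail": {
            "eventSource": "ec2.amazonaws.com",
            "eventName": event_name,
            "userIdentity": {"type": "IAMUser", "arn": caller_arn},
        },
    }


# Constructed samples: a developer opening an ingress rule, the administrator
# deleting a group, and a read-only describe call that must not alert.
DEV_ARN = "arn:aws:iam::123456789012:user/developer"
SAMPLE_EVENTS = [
    _cloudtrail_event("AuthorizeSecurityGroupIngress", DEV_ARN),
    _cloudtrail_event("DeleteSecurityGroup", ADMIN_ARN),
    _cloudtrail_event("DescribeSecurityGroups", DEV_ARN),
]


def events_that_alert(pattern, events):
    """Return the eventName of every sample event the rule would forward to SNS."""
    return [e["detail"]["eventName"] for e in events if matches(pattern, e)]


if __name__ == "__main__":
    print(json.dumps(build_event_pattern(ADMIN_ARN), indent=2))
    print("alerts (all callers):", events_that_alert(build_event_pattern(), SAMPLE_EVENTS))
    print("alerts (non-admin):  ", events_that_alert(build_event_pattern(ADMIN_ARN), SAMPLE_EVENTS))
```

The JSON printed by `build_event_pattern` can be pasted into the console's custom pattern editor or passed to `aws events put-rule --event-pattern`. Two checks worth making after the rule is in place: CloudTrail must have a trail with logging enabled in the region, since `AWS API Call via CloudTrail` events are only delivered to EventBridge when one exists, and the SNS subscription must show as confirmed, otherwise the rule matches but nobody is notified.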
