Security best practices for Amazon Health

See the following best practices for working with Amazon Health.

Grant Amazon Health users minimum possible permissions

Follow the principle of least privilege by using the minimum set of access policy permissions for your users and groups. For example, you might allow an Amazon Identity and Access Management (IAM) user access to the Amazon Health Dashboard. However, you might not allow that same user to enable or disable access to Amazon Organizations.

For more information, see Amazon Health identity-based policy examples.

View the Amazon Health Dashboard

Check your Amazon Health Dashboard often to identify events that might affect your account or applications. For example, you might receive an event notification about your resources, such as an Amazon Elastic Compute Cloud (Amazon EC2) instance that needs to be updated.

For more information, see Getting started with your Amazon Health Dashboard – Your account health.

Integrate Amazon Health with Amazon Chime or Slack

You can integrate Amazon Health with your chat tools. This integration lets you and your team get notified about Amazon Health events in real time. For more information, see the Amazon Health Tools on GitHub.

Monitor for Amazon Health events

You can integrate Amazon Health with Amazon CloudWatch Events so that you can create rules for specific events. When CloudWatch Events detects an event that matches your rule, you are notified and can then take action. Events in CloudWatch Events are Region-specific, so you must configure this service in the Region in which your application or infrastructure resides.

In some cases, the Region for the Amazon Health event can't be determined. If that situation occurs, the event appears in the US East (N. Virginia) Region by default. You can set up CloudWatch Events in this Region to ensure that you monitor these events.

For more information, see Monitoring Amazon Health events with Amazon EventBridge.
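
The following is an added example, not code from the original documentation: it creates the same rule in each workload Region and in US East (N. Virginia), so that events whose Region can't be determined are still caught. The rule name, the SNS target, and the `topic_arn_for` helper are assumptions for illustration; the event pattern uses the `aws.health` source.

```python
import json

# Region where events with no determinable Region appear (see the text above).
FALLBACK_REGION = "us-east-1"  # US East (N. Virginia)

# Matches every event that the Health service publishes to the default event bus.
HEALTH_EVENT_PATTERN = {"source": ["aws.health"], "detail-type": ["AWS Health Event"]}


def regions_to_cover(workload_regions):
    """Workload Regions plus the fallback Region, de-duplicated, order kept."""
    return list(dict.fromkeys([*workload_regions, FALLBACK_REGION]))


def deploy_health_rule(workload_regions, topic_arn_for, client_factory=None,
                       rule_name="health-events-to-sns"):
    """Create the rule and its SNS target in every Region that must be watched.

    topic_arn_for:  callable mapping a Region to the ARN of an existing SNS topic
                    in that Region (hypothetical helper supplied by the caller).
    client_factory: callable returning an events client for a Region;
                    defaults to boto3. rule_name is an assumed, arbitrary name.
    """
    if client_factory is None:
        import boto3  # imported lazily so the module loads without boto3

        def client_factory(region):
            return boto3.client("events", region_name=region)

    deployed = []
    for region in regions_to_cover(workload_regions):
        events = client_factory(region)
        events.put_rule(
            Name=rule_name,
            EventPattern=json.dumps(HEALTH_EVENT_PATTERN),
            State="ENABLED",
        )
        result = events.put_targets(
            Rule=rule_name,
            Targets=[{"Id": "health-sns", "Arn": topic_arn_for(region)}],
        )
        # put_targets reports per-target failures in the response, not as an exception.
        if result.get("FailedEntryCount"):
            raise RuntimeError(f"{region}: {result['FailedEntries']}")
        deployed.append(region)
    return deployed
```

Each SNS topic must already exist in the same Region as its rule, and its access policy must allow `events.amazonaws.com` to publish to it.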