Your workloads look healthy, but is your AWS account?
- John Perkins

- 2 days ago
- 2 min read

You may be monitoring your AWS workloads. But are you monitoring the changes being made to AWS itself? When we review AWS environments, we often see good operational monitoring in place:

- EC2 CPU utilisation
- RDS storage and performance
- ECS task health
- Lambda errors
- Application availability

That kind of monitoring is important. But it only tells part of the story.
One area that is often overlooked is monitoring changes to the AWS control plane — the configuration and management layer that governs how the environment operates.
These are not always infrastructure failures. They are changes that can quietly introduce risk.
For example:

- An S3 bucket becoming public
- A Security Group opening SSH or RDP to the internet
- CloudTrail being disabled
- An administrator policy being attached to a user or role
- A KMS key being scheduled for deletion
- AWS Backup plans being modified or removed
- GuardDuty, Security Hub or AWS Config being disabled
- Route table or Network ACL changes affecting production workloads
- An account leaving the AWS Organisation

Most of these events will not trigger an alarm. But they can create serious security, compliance or availability issues.
AWS provides the building blocks to detect these changes through services such as CloudTrail, EventBridge, AWS Config, CloudWatch and SNS.
The challenge is not usually whether the data exists. The challenge is whether important events are turned into actionable alerts that the right people will actually see and respond to.
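The following is an added example, not code from the original post or from Habitat3. It shows the two halves of the path just described: an EventBridge rule pattern that selects the CloudTrail management events behind the list above, and the classification logic a rule target (for example a Lambda function that publishes to SNS) would apply before paging anyone, so that a security group opening port 443 does not alert while one opening port 22 to 0.0.0.0/0 does. The `eventName` values are real CloudTrail API action names; the alert wording, the `requestParameters` shape assumed for `PutBucketPolicy`, and the sample records at the bottom are this example's own constructions.

```python
"""Turn CloudTrail control-plane events into actionable alerts (added example)."""
import json

# eventName -> alert message for actions that are alert-worthy on their own.
DIRECT_ALERTS = {
    "StopLogging": "CloudTrail logging stopped",
    "DeleteTrail": "CloudTrail trail deleted",
    "ScheduleKeyDeletion": "KMS key scheduled for deletion",
    "DeleteBackupPlan": "AWS Backup plan deleted",
    "UpdateBackupPlan": "AWS Backup plan modified",
    "DeleteDetector": "GuardDuty detector deleted",
    "DisableSecurityHub": "Security Hub disabled",
    "StopConfigurationRecorder": "AWS Config recorder stopped",
    "LeaveOrganization": "Account left the AWS Organization",
}
# Actions that need a look at requestParameters before deciding.
CONDITIONAL_EVENTS = ("AttachUserPolicy", "AttachRolePolicy", "AttachGroupPolicy",
                      "AuthorizeSecurityGroupIngress", "PutBucketPolicy")
ADMIN_POLICY_ARN = "arn:aws:iam::aws:policy/AdministratorAccess"
REMOTE_ADMIN_PORTS = {22, 3389}
WORLD_CIDRS = {"0.0.0.0/0", "::/0"}


def event_pattern():
    """EventBridge rule pattern: CloudTrail management events, filtered by eventName."""
    return {"detail-type": ["AWS API Call via CloudTrail"],
            "detail": {"eventName": sorted(DIRECT_ALERTS) + list(CONDITIONAL_EVENTS)}}


def _sg_opens_admin_port_to_world(params):
    """AuthorizeSecurityGroupIngress: does any rule expose 22 or 3389 to the world?"""
    for perm in params.get("ipPermissions", {}).get("items", []):
        lo, hi = perm.get("fromPort", 0), perm.get("toPort", 65535)  # absent => all ports
        ranges = (perm.get("ipRanges", {}).get("items", [])
                  + perm.get("ipv6Ranges", {}).get("items", []))
        cidrs = {r.get("cidrIp") or r.get("cidrIpv6") for r in ranges}
        if cidrs & WORLD_CIDRS and any(lo <= p <= hi for p in REMOTE_ADMIN_PORTS):
            return True
    return False


def _policy_grants_public_access(params):
    """PutBucketPolicy: any Allow statement with a wildcard principal and no Condition?
    Assumes bucketPolicy is recorded as a JSON object or string (example's assumption)."""
    policy = params.get("bucketPolicy") or {}
    if isinstance(policy, str):
        policy = json.loads(policy)
    stmts = policy.get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    for s in stmts:
        principal = s.get("Principal")
        wildcard = principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*")
        if s.get("Effect") == "Allow" and wildcard and not s.get("Condition"):
            return True
    return False


def classify(event):
    """Return an alert message for one CloudTrail record, or None if it is benign."""
    name = event.get("eventName")
    params = event.get("requestParameters") or {}
    if name in DIRECT_ALERTS:
        return DIRECT_ALERTS[name]
    if name in ("AttachUserPolicy", "AttachRolePolicy", "AttachGroupPolicy") \
            and params.get("policyArn") == ADMIN_POLICY_ARN:
        target = params.get("userName") or params.get("roleName") or params.get("groupName")
        return f"AdministratorAccess attached to {target}"
    if name == "AuthorizeSecurityGroupIngress" and _sg_opens_admin_port_to_world(params):
        return f"Security group {params.get('groupId')} opens SSH/RDP to the internet"
    if name == "PutBucketPolicy" and _policy_grants_public_access(params):
        return f"S3 bucket {params.get('bucketName')} policy grants public access"
    return None


def alerts_for(events):
    """Classify a batch of records; returns (actor ARN, message) pairs worth notifying on."""
    out = []
    for e in events:
        msg = classify(e)
        if msg:
            out.append((e.get("userIdentity", {}).get("arn", "unknown"), msg))
    return out


# Constructed sample records in trimmed CloudTrail shape; not from a real account.
SAMPLE_EVENTS = [
    {"eventName": "StopLogging", "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"name": "org-trail"}},
    {"eventName": "AuthorizeSecurityGroupIngress", "userIdentity": {"arn": "arn:aws:iam::111122223333:role/deploy"},
     "requestParameters": {"groupId": "sg-0123456789abcdef0", "ipPermissions": {"items": [
         {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22, "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}},
    {"eventName": "AuthorizeSecurityGroupIngress", "userIdentity": {"arn": "arn:aws:iam::111122223333:role/deploy"},
     "requestParameters": {"groupId": "sg-0fedcba9876543210", "ipPermissions": {"items": [
         {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443, "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}},
    {"eventName": "AttachUserPolicy", "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"},
     "requestParameters": {"userName": "contractor", "policyArn": ADMIN_POLICY_ARN}},
    {"eventName": "PutBucketPolicy", "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"},
     "requestParameters": {"bucketName": "reports", "bucketPolicy": {"Version": "2012-10-17", "Statement": [
         {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::reports/*"}]}}},
    {"eventName": "DescribeInstances", "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"}},
]

if __name__ == "__main__":
    print(json.dumps(event_pattern(), indent=2))
    for actor, msg in alerts_for(SAMPLE_EVENTS):
        print(f"ALERT  {msg}  (by {actor})")
```

Run as-is it prints the rule pattern and four alerts from the six constructed records: the read-only `DescribeInstances` call and the port 443 rule are filtered out. Route table and Network ACL changes from the list above are deliberately not in `DIRECT_ALERTS`, since deciding whether they affect production needs workload context (which VPC, which subnet) that a bare `eventName` match does not carry.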
A useful question to ask is:
If someone changed a critical security setting in your AWS account today, who would know — and how quickly?
For many organisations, that is the gap between monitoring infrastructure and operating AWS securely.
At Habitat3, our Cloud Operations Service helps AWS customers improve visibility across both workload health and the AWS configuration changes that can affect security, reliability and compliance.