Creating custom metric filters and alarms for monitoring CloudTrail Logs

With the Log Group created and integrated with the CloudTrail Trail, we can now create and assign custom metric filters and alarms. These alarms can be used to trigger notifications whenever CloudTrail records an API call that indicates a compliance or governance concern.

To begin with, let's create a custom metric filter in CloudWatch Logs. In this case, we will create a simple filter that triggers a CloudWatch alarm each time one of a chosen set of S3 bucket-configuration API calls is made: a PUT or DELETE on a bucket's ACL, policy, or lifecycle configuration. Bucket-level calls such as these are CloudTrail management events, so the Trail must be recording management events for the region the bucket lives in; a multi-region Trail covers every region:

  1. Log in to your Amazon CloudWatch dashboard or, alternatively, select the link provided here to get started, at https://console.aws.amazon.com/cloudwatch/.
  2. Once logged in, select the Logs option from the navigation pane. Select the Log Group that we created a while back, and opt for the Create Metric Filter option, as depicted in the following screenshot:
  3. Here, in the Create Metric Filter and Assign a Metric page, start off by providing a suitable Filter Name for the new metric, followed by populating the Filter Pattern option with the following snippet:
     {($.eventSource = s3.amazonaws.com) && (($.eventName = PutBucketAcl) || ($.eventName = PutBucketPolicy) || ($.eventName = PutBucketLifecycle) || ($.eventName = DeleteBucketPolicy) || ($.eventName = DeleteBucketLifecycle))}
  4. Once done, type in a suitable Metric Namespace value followed by a Metric Name as well. Leave the rest of the values at their defaults (the Metric Value of 1 means each matching event adds one to the metric), and select the option Create filter to complete the process.
  5. With this step completed, you now have a working CloudWatch filter up and running. To assign an alarm to this particular filter, simply select the Create Alarm option adjacent to the filter, as depicted in the following screenshot:
  6. Creating an alarm is a straightforward process. Start off by providing a Name and an optional Description for your alarm, then configure the trigger on the metric you just created: use the Sum statistic, a period of, say, 5 minutes, and a threshold of >= 1 for 1 consecutive period, so that a single matching API call raises the alarm. In the Actions section, select an existing SNS Notification List or, alternatively, create a new one, so that somebody is actually notified. With all the settings configured, select the Create Alarm option to complete the process.
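Before wiring a pattern into a live alarm it helps to check offline which CloudTrail records it would actually select. The following is an added example, not code from the original page or from AWS: a small evaluator for the JSON-style filter syntax CloudWatch Logs uses (the `{ ($.field = value) && (...) }` subset shown above, with `=`, `!=`, `&&`, `||` and parentheses; a `*` in a bare value is approximated with `fnmatch`), run over a handful of constructed CloudTrail records, followed by a function that mirrors the alarm's Sum-per-period, threshold >= 1 evaluation. The record contents, and the names `compile_filter`, `matching_event_names` and `alarm_periods`, are this example's own, not part of the service.

```python
"""Offline evaluator for CloudWatch Logs metric filter patterns (added example, not from the page).
Supports the subset used above: '$.field = value' / '!=' comparisons, '&&', '||', parentheses,
quoted or bare values ('*' in a bare value is approximated with fnmatch). Records are constructed."""
import re
from datetime import datetime, timezone
from fnmatch import fnmatchcase

# One token per match: braces, parentheses, operators, quoted strings, bare words.
_TOKEN = re.compile(r'\s*(\{|\}|\(|\)|&&|\|\||!=|=|"[^"]*"|[^\s{}()=!&|"]+)')

def tokenize(pattern):
    tokens = _TOKEN.findall(pattern)
    if re.sub(r"\s+", "", "".join(tokens)) != re.sub(r"\s+", "", pattern):
        raise ValueError("pattern contains characters this evaluator does not support")
    return tokens

def _lookup(event, path):
    """Resolve a '$.a.b' selector against a record; None when any step is missing."""
    cur = event
    for key in path:
        if not isinstance(cur, dict) or key not in cur:
            return None
        cur = cur[key]
    return "true" if cur is True else "false" if cur is False else str(cur)

def compile_filter(pattern):
    """Turn a filter pattern into a predicate over one CloudTrail record (dict)."""
    toks, pos = tokenize(pattern), [0]

    def peek():
        return toks[pos[0]] if pos[0] < len(toks) else None

    def take(expected=None):
        tok = peek()
        if tok is None or (expected is not None and tok != expected):
            raise ValueError(f"expected {expected or 'a comparison'}, got {tok!r}")
        pos[0] += 1
        return tok

    def parse_or():                         # a || b || c
        alts = [parse_and()]
        while peek() == "||":
            take(); alts.append(parse_and())
        return lambda ev: any(p(ev) for p in alts)

    def parse_and():                        # a && b
        conj = [parse_atom()]
        while peek() == "&&":
            take(); conj.append(parse_atom())
        return lambda ev: all(p(ev) for p in conj)

    def parse_atom():                       # ( expr )  or  $.selector op value
        if peek() == "(":
            take(); pred = parse_or(); take(")")
            return pred
        selector, op, value = take(), take(), take()
        if not selector.startswith("$.") or op not in ("=", "!="):
            raise ValueError(f"bad comparison: {selector} {op} {value}")
        path, quoted = selector[2:].split("."), value.startswith('"')
        literal = value[1:-1] if quoted else value
        def compare(ev):
            actual = _lookup(ev, path)
            if actual is None:              # an absent field satisfies neither '=' nor '!='
                return False
            hit = actual == literal if quoted else fnmatchcase(actual, literal)
            return hit if op == "=" else not hit
        return compare

    take("{"); pred = parse_or(); take("}")
    if peek() is not None:
        raise ValueError("trailing tokens after closing brace")
    return pred

# The page's pattern: bucket ACL, policy and lifecycle changes recorded by S3.
S3_POLICY_CHANGE_PATTERN = (
    "{($.eventSource = s3.amazonaws.com) && (($.eventName = PutBucketAcl) || "
    "($.eventName = PutBucketPolicy) || ($.eventName = PutBucketLifecycle) || "
    "($.eventName = DeleteBucketPolicy) || ($.eventName = DeleteBucketLifecycle))}"
)

# Constructed CloudTrail records trimmed to the fields the filter reads (not real account data).
SAMPLE_EVENTS = [
    {"eventTime": "2024-01-01T10:00:05Z", "eventSource": "s3.amazonaws.com", "eventName": "CreateBucket"},
    {"eventTime": "2024-01-01T10:01:10Z", "eventSource": "s3.amazonaws.com", "eventName": "PutBucketPolicy"},
    {"eventTime": "2024-01-01T10:02:30Z", "eventSource": "s3.amazonaws.com", "eventName": "DeleteBucketPolicy"},
    {"eventTime": "2024-01-01T10:09:00Z", "eventSource": "iam.amazonaws.com", "eventName": "PutBucketPolicy"},
    {"eventTime": "2024-01-01T10:12:00Z", "eventSource": "s3.amazonaws.com", "eventName": "PutBucketAcl"},
]

def matching_event_names(pattern, events):
    match = compile_filter(pattern)
    return [e["eventName"] for e in events if match(e)]

def alarm_periods(pattern, events, period_seconds=300, threshold=1):
    """Mirror the alarm: Sum of the metric per period; return the periods where Sum >= threshold."""
    match, counts = compile_filter(pattern), {}
    for e in events:
        if match(e):
            ts = datetime.strptime(e["eventTime"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
            start = int(ts.timestamp()) // period_seconds * period_seconds
            counts[start] = counts.get(start, 0) + 1
    return {datetime.fromtimestamp(s, timezone.utc).strftime("%Y-%m-%dT%H:%MZ"): n
            for s, n in sorted(counts.items()) if n >= threshold}
```

Running `matching_event_names(S3_POLICY_CHANGE_PATTERN, SAMPLE_EVENTS)` shows the two things worth knowing before you test the alarm: the `CreateBucket` record is not selected (it is not among the listed event names), and a `PutBucketPolicy` whose `eventSource` is not S3 is not selected either. `alarm_periods` then shows how two matches inside the same 5-minute period become a single alarm evaluation with Sum = 2, while the later `PutBucketAcl` alarms on its own.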

With this step completed, the only thing remaining is to give the filter a try. Log in to your S3 dashboard and update the bucket policy (or ACL) of an existing bucket. Creating a new bucket on its own does not match the pattern, since CreateBucket is not among the listed event names. After CloudTrail's usual delivery delay of a few minutes, the Trail sends the event to your CloudWatch Log Group, the metric filter increments the metric, and the alarm notifies the subscribed administrators through SNS. You can add more custom filters and alarms to cover other CloudWatch notifications as your requirements dictate.

In the next section, we will be looking at a fairly simple and automated method for creating and deploying multiple CloudWatch alarms using a single CloudFormation template.
