Ensure CloudWatch has an Alarm for IAM Group Changes
Amazon CloudWatch is a monitoring and observability service that can give real time insight into all actions and metrics going on with-in your infrastructure. CloudWatch allows for the creation of alarms that can allow for actionable responses to events. Understanding when an IAM group changes alert you to a potential security incident and is why this is considered a security best practice. This can help with ensuring you are compliant with the CIS benchmark.