AWS Root login Alert

July 23, 2021 / Eternal Team

The root user has complete access to all AWS services and resources in the account, and can grant unlimited access to the account and its resources. It is a best practice to secure root user access to your account.

Steps to set up an alert when the root user logs in:

Go to the CloudTrail service

Expand the created trail

  • In the CloudWatch Logs section,
  • Edit and enable CloudWatch Logs
  • Leave everything at the defaults and give the role a name

Now go to the CloudWatch service

  • Expand the Logs section
  • Go to the Log groups section

  • Then choose Create Metric Filter in Action

In Filter pattern, add this:

 { $.userIdentity.type = "Root" && $.userIdentity.invokedBy NOT EXISTS && $.eventType != "AwsServiceEvent" }

  • Set the metric details

  • And create the metric filter

Now create an alarm in the Alarm section

  • Select the created metric

  • Now select greater than 1

  • Now create a new SNS topic and give your email address
  • And click on create topic.
  • You will get a confirmation email at the given email address.

  • Give the alarm a name

  • And create the alarm

Now try to log in as root. You will get an email notification as an alert.
