AWS Root login Alert

July 23, 2021 / Nirav S

The root user has complete access to all AWS services and resources in the account, and it can grant unlimited access to the account and its resources. It is a best practice to secure root user access to your account.

Steps to set up an alert when the root user logs in:

Go to the CloudTrail service

Expand the created trail

  • In the CloudWatch Logs section:
  • Edit and enable CloudWatch Logs
  • Leave everything at the defaults and give the role a name

Now go to the CloudWatch service

  • Expand the Logs section
  • Go to the Log groups section

  • Then choose Create Metric Filter in Actions

In Filter pattern, add this:

 { $.userIdentity.type = "Root" && $.userIdentity.invokedBy NOT EXISTS && $.eventType != "AwsServiceEvent" }

  • Set the metric details
  • Then create the metric filter

Now create an alarm in the Alarm section

  • Select the created metric
  • Now select greater than 1

  • Now create a new SNS topic and give your email address
  • Then click Create topic
  • You will get a confirmation email at the given email address

  • Give the alarm a name
  • Then create the alarm

Now try to log in as root; you will get an email notification as an alert.
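
The filter pattern from the steps above, re-expressed as a small Python check so its three conditions can be tried against sample records. This is an added example, not part of the original post: the function names and the CloudTrail records are constructed for illustration, and the check approximates the pattern in Python rather than calling CloudWatch.

```python
import json

# Constructed CloudTrail records, trimmed to the fields the filter pattern reads.
SAMPLE_EVENTS = [
    {"eventName": "ConsoleLogin", "eventType": "AwsConsoleSignIn",
     "userIdentity": {"type": "Root"}},                      # root console sign-in
    {"eventName": "CreateAccessKey", "eventType": "AwsApiCall",
     "userIdentity": {"type": "Root"}},                      # root API call
    {"eventName": "DescribeStacks", "eventType": "AwsApiCall",
     "userIdentity": {"type": "Root",
                      "invokedBy": "cloudformation.amazonaws.com"}},  # service on root's behalf
    {"eventName": "ExampleServiceEvent", "eventType": "AwsServiceEvent",
     "userIdentity": {"type": "Root"}},                      # service-generated event
    {"eventName": "ConsoleLogin", "eventType": "AwsConsoleSignIn",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},  # ordinary IAM user
]
# One JSON document per log line, plus a malformed line.
LOG_LINES = [json.dumps(e) for e in SAMPLE_EVENTS] + ["not-json"]


def matches_root_filter(event):
    """Python approximation of the three conditions in the filter pattern."""
    identity = event.get("userIdentity")
    if not isinstance(identity, dict):
        return False
    return (identity.get("type") == "Root"                 # $.userIdentity.type = "Root"
            and "invokedBy" not in identity                 # $.userIdentity.invokedBy NOT EXISTS
            and event.get("eventType") != "AwsServiceEvent")  # $.eventType != "AwsServiceEvent"


def root_activity(log_lines):
    """Return the eventName of every log line the filter would count."""
    matched = []
    for line in log_lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # non-JSON lines never match a JSON filter pattern
        if isinstance(event, dict) and matches_root_filter(event):
            matched.append(event.get("eventName", "<unknown>"))
    return matched


if __name__ == "__main__":
    # Each matched record increments the metric the alarm watches.
    print(root_activity(LOG_LINES))
```

The second match shows that the pattern counts any direct root activity, not only console sign-ins.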
