July 23, 2021 / Eternal Team
Root User has complete access to all AWS services and resources in the account. Root user account can grant unlimited access to your account and its resources. It’s a best practice to secure root user access to your account.
Set Up An Alert If the root User Logs In Steps:
Go to CloudTrail service
Expand Created Trail
Now Go to Cloudwatch service
In Filter pattern , add this
{ $.userIdentity.type = "Root" && $.userIdentity.invokedBy NOT EXISTS && $.eventType != "AwsServiceEvent" }
Now Create Alarm in Alarm Section
Now try to login as root , You will get email notification as an alert