Tracking root account - aws
AWS - Looking to create an alarm which sends out an email when the root account is used for logging in, there are many articles out there describing what needs to be done but nothing solid to have a solution.
Requirements:
Any help will be appreciated.
Requirements:
- Log root account login activity
- Email notification via SNS
Any help will be appreciated.
ASKER
I have attached a screen shot of the alarm, doesn't seem to work
Capture.JPG
Capture.JPG
ASKER
Any further update on this?
It might take a while for either data to show - or might even be insufficient if there is no root activity. I'll run some tests myself to verify that.
In the meantime, could you show what you have for the custom metric?
In the meantime, could you show what you have for the custom metric?
ASKER
Where will I find that info to provide you with?
This question needs an answer!
Become an EE member today
7 DAY FREE TRIALMembers can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
You did mention that you already came across articles explaining what to do, but AWS actually has a really good step by step document for this sort of thing: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail-additional-examples.html#cloudwatch-alarms-for-cloudtrail-root-example
Let me know if you need more than that.