Suspicious activity

Anomaly detection: Role with unusual amount of access denied responses

Risk Level

Informational (4)



Unlike in the past, a role that is associated with an instance profile executed API calls that resulted in an unusual number of access denied responses. In addition, there was an unusual number of unique event names in the role's recent activity. Therefore, these findings might indicate malicious use of the role's permissions.
  • Recommended Mitigation

    It is recommended to review the relevant CloudTrail events and the principals that issued these API calls. In addition, review the instance that the role is associated with.
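
    To support the review recommended above, the following added example (not part of the original finding, and not the product's own detection model) summarizes CloudTrail records per instance-profile role and flags roles whose denied calls and distinct event names both rise well above a baseline window. The `factor` threshold, the baseline/recent split, the helper names and all sample records are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# CloudTrail errorCode values recorded for authorization failures.
DENIED = {"AccessDenied", "Client.UnauthorizedOperation", "UnauthorizedOperation"}
INSTANCE_ID = re.compile(r"^i-[0-9a-f]{8,17}$")

def summarize(records):
    """Per-role totals for calls made with instance-profile credentials."""
    out = defaultdict(lambda: {"denied": 0, "events": set(), "instances": set()})
    for r in records:
        ident = r.get("userIdentity", {})
        # arn:aws:sts::<account>:assumed-role/<role>/<session name>
        parts = ident.get("arn", "").split("/")
        if ident.get("type") != "AssumedRole" or len(parts) != 3:
            continue
        role, session = parts[1], parts[2]
        if not INSTANCE_ID.match(session):  # EC2 sets the session name to the instance ID
            continue
        s = out[role]
        s["events"].add(r.get("eventName"))
        s["instances"].add(session)
        s["denied"] += r.get("errorCode") in DENIED
    return dict(out)

def flag_roles(baseline, recent, factor=3):
    """Roles whose denied count and distinct event names both exceed factor x baseline."""
    base, flagged = summarize(baseline), {}
    for role, s in summarize(recent).items():
        b = base.get(role, {"denied": 0, "events": set()})
        if (s["denied"] > factor * max(b["denied"], 1)
                and len(s["events"]) > factor * max(len(b["events"]), 1)):
            flagged[role] = {"denied": s["denied"], "unique_events": sorted(s["events"]),
                             "instances": sorted(s["instances"])}
    return flagged

def rec(role, session, event, error=None):
    """Build a constructed CloudTrail-style record (sample data, not real logs)."""
    r = {"eventName": event, "userIdentity": {"type": "AssumedRole",
         "arn": f"arn:aws:sts::111122223333:assumed-role/{role}/{session}"}}
    return {**r, "errorCode": error} if error else r

INST = "i-0abc1234def567890"  # constructed instance ID
BASELINE = [rec("app-role", INST, "GetObject")] * 20 + [rec("app-role", INST, "PutObject")] * 5
RECENT = ([rec("app-role", INST, e, "AccessDenied") for e in
           ("ListBuckets", "ListUsers", "ListRoles", "GetAccountSummary", "ListSecrets", "ListKeys")]
          + [rec("app-role", INST, "DescribeInstances", "Client.UnauthorizedOperation"),
             rec("app-role", INST, "GetObject"), rec("human-role", "alice", "ListUsers", "AccessDenied")])
```

    Calling `flag_roles(BASELINE, RECENT)` returns the flagged role together with the instance IDs taken from its session names, which identifies the instance to review.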