Suspicious activity

AWS root account console login without MFA

Risk Level

Informational (4)



Orca detected that the root account was used to login to AWS console without Multi-Factor Authentication (MFA). Lack of MFA on the root account can lead to unauthorized actors gaining access more easily to the account in case the credentials are compromised.
  • Recommended Mitigation

    It is highly recommended to enforce MFA on the root account. In addition, it is recommended to review the root account activity and eliminate the use of the root account by creating individual users with administrative permissions. In order to review the root account activities the following sonar query can be executed: 'CloudTrailEvent with AwsUser with Name like """"'