Logging and monitoring

Create a Metric Alarm and Filter for usage of Root Account

Description

Real-time monitoring of API calls can be achieved by directing CloudTrail Logs to CloudWatch Logs and establishing corresponding metric filters and alarms. Monitoring for root account logins will provide visibility into the use of a fully privileged account and an opportunity to reduce the use of it.
  • Recommended Mitigation

    It is recommended that a metric filter and alarm be established for root login attempts.