Create a Metric Alarm and Filter for usage of Root Account

Logging and monitoring

Create a Metric Alarm and Filter for usage of Root Account

Risk Level

Informational (4)

Platform(s)

Compliance Frameworks

AWS CIS
Brazilian General Data Protection (LGPD)
CCM-CSA
CCPA
cis_8
CPRA
CSA CCM
Data Security Posture Management (DSPM) Best Practices
essential_8_au
GDPR
HITRUST
ISO/IEC 27001
Mitre ATT&CK
New Zealand Information Security Manual
NIST 800-171
NIST 800-53
PDPA
UK Cyber Essentials

Description

Real-time monitoring of API calls can be achieved by directing CloudTrail Logs to CloudWatch Logs and establishing corresponding metric filters and alarms. Monitoring for root account logins will provide visibility into the use of a fully privileged account and an opportunity to reduce the use of it.

Recommended Mitigation

It is recommended that a metric filter and alarm be established for root login attempts.

Create a Metric Alarm and Filter for usage of Root Account

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS