Certified Security - Specialty


CHAPTER 4.6 – Alert if a Root user logs in – simple solution

Here is my solution, which I have set up:

1. Turn on GuardDuty

2. Create CloudWatch Event with Pattern:

{
  "source": [
    "aws.guardduty"
  ],
  "detail": {
    "type": [
      "Policy:IAMUser/RootCredentialUsage"
    ]
  }
}

3. Set Target SNS topic with your email/sms

4. Done.

Rubaiyat Kibria

Hi there, I have tried it. Still not working. As you recommended, I have enabled GuardDuty and then created a CloudWatch event pattern with the target set as matched expression with an existing SNS topic that works for sure. When the root user logs in, the SNS topic is NOT sending any email alert. Anything else I need to do? Thanks in advance,

0 Answers
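An added example, not part of the original thread: a small offline matcher for the exact-match subset of event pattern semantics (nested keys, any-of literal arrays), run over constructed GuardDuty-style events to check what the pattern from step 2 selects. The `matches` and `finding` helpers, the account id, and every sample event are assumptions made for illustration.

```python
import json

# Event pattern exactly as posted in step 2 of the thread.
PATTERN = json.loads("""
{
  "source": ["aws.guardduty"],
  "detail": {"type": ["Policy:IAMUser/RootCredentialUsage"]}
}
""")

def matches(pattern, event):
    """Exact-match subset of event pattern matching: nested objects recurse,
    a leaf array matches when the event value equals any listed literal."""
    for key, rule in pattern.items():
        if key not in event:
            return False
        value = event[key]
        if isinstance(rule, dict):
            if not isinstance(value, dict) or not matches(rule, value):
                return False
        else:
            # An event value may itself be an array; any overlap matches.
            values = value if isinstance(value, list) else [value]
            if not any(v in rule for v in values):
                return False
    return True

def finding(finding_type, source="aws.guardduty"):
    """Constructed envelope shaped like a GuardDuty finding event (placeholder ids)."""
    return {
        "version": "0",
        "detail-type": "GuardDuty Finding",
        "source": source,
        "account": "111122223333",
        "detail": {"type": finding_type, "severity": 2},
    }

# Constructed sample events, not real findings.
SAMPLES = {
    "root_usage": finding("Policy:IAMUser/RootCredentialUsage"),
    "other_finding": finding("Example:Placeholder/OtherFinding"),
    "wrong_source": finding("Policy:IAMUser/RootCredentialUsage", source="aws.signin"),
    "wrong_case": finding("policy:iamuser/rootcredentialusage"),
}

def evaluate():
    """Return {sample name: True if the posted pattern selects it}."""
    return {name: matches(PATTERN, ev) for name, ev in SAMPLES.items()}

if __name__ == "__main__":
    for name, ok in evaluate().items():
        print(f"{name:14} -> {'MATCH' if ok else 'no match'}")
```

The rule only fires on events whose `source` and `detail.type` both match exactly, including case, so the alert depends on GuardDuty actually producing that finding type rather than on the sign-in itself.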
