@Ryan, I found another AWS article with a solution for monitoring root account usage. This article was written in 2017 and it looks like the outcome is similar to the one provided in your video. What do you think will be the best solution to use? Thanks!

Hi, which article are you talking about? If you share it we might be able to answer.


Francois Boer

Hi Faye. Here we go: https://aws.amazon.com/blogs/mt/monitor-and-notify-on-aws-account-root-user-activity/ Sorry for not attaching the link in the previous post. I also reached out to AWS regarding the same issue and they recommended using GuardDuty for monitoring root account usage. The AWS articles were both written before the launch of GuardDuty. I would like to know your thoughts as well.

"Amazon GuardDuty is a continuous security monitoring service that analyzes and processes the following data sources: VPC Flow Logs, AWS CloudTrail event logs, and DNS logs."

So in essence we are setting a CloudTrail event and AWS suggests monitoring it via GuardDuty.
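Added example, not part of any post above and not taken from the AWS articles: a minimal sketch of the check that sits underneath both approaches discussed in this thread, selecting root-user activity from CloudTrail records. The records are constructed samples, and the two exclusions (`invokedBy` present, `eventType` of `AwsServiceEvent`) are assumptions modeled on the commonly used CIS-style metric filter for root usage.

```python
import json

# Constructed sample CloudTrail records (illustrative values only).
SAMPLE_RECORDS = json.loads("""
[
  {"eventTime": "2024-01-01T10:00:00Z", "eventName": "ConsoleLogin",
   "eventType": "AwsConsoleSignIn", "sourceIPAddress": "203.0.113.10",
   "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"}},
  {"eventTime": "2024-01-01T10:05:00Z", "eventName": "RunInstances",
   "eventType": "AwsApiCall", "sourceIPAddress": "198.51.100.7",
   "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/dev"}},
  {"eventTime": "2024-01-01T10:06:00Z", "eventName": "Decrypt",
   "eventType": "AwsApiCall", "sourceIPAddress": "kms.amazonaws.com",
   "userIdentity": {"type": "Root", "invokedBy": "kms.amazonaws.com"}},
  {"eventTime": "2024-01-01T10:07:00Z", "eventName": "RotateKey",
   "eventType": "AwsServiceEvent", "sourceIPAddress": "AWS Internal",
   "userIdentity": {"type": "Root"}},
  {"eventTime": "2024-01-01T10:09:00Z", "eventName": "CreateAccessKey",
   "eventType": "AwsApiCall", "sourceIPAddress": "203.0.113.10",
   "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"}}
]
""")


def is_root_activity(record):
    """True when a person used root credentials, not an AWS service acting for the account."""
    identity = record.get("userIdentity", {})
    return (
        identity.get("type") == "Root"
        and "invokedBy" not in identity               # skip service-initiated calls
        and record.get("eventType") != "AwsServiceEvent"
    )


def root_alerts(records):
    """Return one compact alert dict per root-initiated event, in input order."""
    return [
        {"time": r["eventTime"], "event": r["eventName"], "source_ip": r.get("sourceIPAddress")}
        for r in records
        if is_root_activity(r)
    ]


if __name__ == "__main__":
    for alert in root_alerts(SAMPLE_RECORDS):
        print(json.dumps(alert))
```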

