turbot/aws_compliance

Control: Ensure a log metric filter and alarm exist for usage of 'root' account

Description

You can do real-time monitoring of API calls directing CloudTrail logs to CloudWatch Logs and establishing corresponding metric filters and alarms.Security Hub recommends that you create a metric filter and alarm for root login attempts. Monitoring for root account logins provides visibility into the use of a fully privileged account and an opportunity to reduce the use of it.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.log_metric_filter_root_login

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.log_metric_filter_root_login --share

SQL

This control uses a named query:

log_metric_filter_root_login

Tags