CloudWatch log metric filter and alarm are not set for usage of root account Affecting CloudWatch service in AWS

Snyk CCSS

Monitoring / Accounts Monitoring

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

AWS-Well-Architected CIS-AWS HIPAA ISO-27001 NIST-800-53 PCI-DSS

Snyk ID SNYK-CC-00114
credit Snyk Research Team

Report a new misconfiguration Found a mistake?

Description

Monitoring for root account logins provides visibility into the use of a fully privileged account and the opportunity to reduce it.

How to fix?

Create an aws_cloudwatch_log_metric_filter and aws_cloudwatch_metric_alarm with an appropriate pattern attribute set for an aws_cloudwatch_log_group and aws_cloudtrail set of resources.

Use the following pattern attribute set:

$.userIdentity.type=Root
$.userIdentity.invokedByNOTEXISTS
$.eventType!=AwsServiceEvent

Terraform

References

Example: Monitor for Root Usage

CloudWatch log metric filter and alarm are not set for usage of root account Affecting CloudWatch service in AWS

Severity

Description

How to fix?

Terraform

References