Loading controls...
Control: Ensure a log metric filter and alarm exist for AWS Management Console sign-in without MFA
Description
You can do real-time monitoring of API calls by directing CloudTrail logs to CloudWatch Logs and establishing corresponding metric filters and alarms. Security Hub recommends that you create a metric filter and alarm console logins that aren't protected by MFA.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.log_metric_filter_console_login_mfa
Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run aws_compliance.control.log_metric_filter_console_login_mfa --share
SQL
This control uses a named query:
log_metric_filter_console_login_mfa