Steampipe mods are now Powerpipe →
Powerpipe Hub 
Hub
Mods
turbot/aws_compliance
Overview
26Dashboards
1161Controls
568Queries
2Variables
GitHub
Loading controls...

Control: Ensure a log metric filter and alarm exist for usage of 'root' account

Description

You can do real-time monitoring of API calls directing CloudTrail logs to CloudWatch Logs and establishing corresponding metric filters and alarms.Security Hub recommends that you create a metric filter and alarm for root login attempts. Monitoring for root account logins provides visibility into the use of a fully privileged account and an opportunity to reduce the use of it.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.log_metric_filter_root_login

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.log_metric_filter_root_login --share

SQL

This control uses a named query:

log_metric_filter_root_login

Tags

category = Compliance
gdpr = true
hipaa_final_omnibus_security_rule_2013 = true
hipaa_security_rule_2003 = true
nist_800_171_rev_2 = true
nist_csf = true
pci_dss_v321 = true
plugin = aws
service = AWS/CloudWatch