Control: Ensure a log metric filter and alarm exist for usage of 'root' account
You can do real-time monitoring of API calls directing CloudTrail logs to CloudWatch Logs and establishing corresponding metric filters and alarms.Security Hub recommends that you create a metric filter and alarm for root login attempts. Monitoring for root account logins provides visibility into the use of a fully privileged account and an opportunity to reduce the use of it.
Run the control in your terminal:
steampipe check aws_compliance.control.log_metric_filter_root_login
Snapshot and share results via Steampipe Cloud:
steampipe loginsteampipe check --share aws_compliance.control.log_metric_filter_root_login
This control uses a named query:log_metric_filter_root_login