Rules Contributing to Suspicious AWS Root Account Activity Alert

The following rules are used to identify suspicious activity with AWS Root Account. Any one or more of these will trigger the Suspicious AWS Root Account Activity Alert. Details for each rule can be viewed by clicking the More Details link in the description.

Title

Description

AWS Root Credentials

Detects AWS root account usage

AWS Management Console Root Login

Identifies a successful login to the AWS Management Console by the Root user.

Root access key created

An access key was created for the root account.