Objective:
Notify administrators via email whenever a root user sign-in event occurs.
Using Amazon EventBridge and Amazon SNS:
EventBridge: Receives the console sign-in events that CloudTrail records (event source aws.signin) and matches only those where the caller's identity type is Root.
SNS: Publishes an email notification to every confirmed subscriber of the topic.
Steps to Implement:
Step 1: Enable CloudTrail for management events if not already enabled, with global service events recorded. Console sign-in events are global, so the EventBridge rule in the next step must be created in the US East (N. Virginia) region (us-east-1), where these events are delivered.
Step 2: Create an EventBridge rule that matches console sign-ins by the root user. The detail-type is the same one CloudTrail uses for every console sign-in, so the root user is selected with a filter on userIdentity.type:
Event pattern:
{
  "source": ["aws.signin"],
  "detail-type": ["AWS Console Sign In via CloudTrail"],
  "detail": {
    "userIdentity": {
      "type": ["Root"]
    }
  }
}
Step 3: Set the rule target to an SNS topic. The topic's access policy must allow the events.amazonaws.com service principal to call sns:Publish on the topic; otherwise deliveries fail without any email being sent and show up only in the rule's FailedInvocations metric.
Step 4: Subscribe email addresses to the SNS topic. Each recipient must confirm the subscription from the confirmation email before notifications are delivered.
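To see what the rule from Steps 2 and 3 actually selects, the following added example (not part of the original question explanation, and not AWS code) replays constructed sign-in events of the shape CloudTrail delivers to EventBridge against the pattern above. The matcher implements only the exact-value subset of EventBridge pattern syntax that this rule needs; the account ID, IP addresses, ARNs and the topic/rule names are assumptions. It also builds the SNS topic policy statement that Step 3 requires, scoped to the one rule with an aws:SourceArn condition.

```python
import json

# The EventBridge rule pattern from Step 2 (AWS-documented root sign-in filter).
ROOT_SIGNIN_PATTERN = {
    "source": ["aws.signin"],
    "detail-type": ["AWS Console Sign In via CloudTrail"],
    "detail": {"userIdentity": {"type": ["Root"]}},
}


def matches(pattern, event):
    """Exact-value subset of EventBridge pattern matching.

    Every key in the pattern must be present in the event. A list in the
    pattern means "the event value must equal one of these"; a dict recurses
    into the nested object. Content filters such as {"prefix": ...} and
    array-valued event fields are not handled, as the rule does not use them.
    """
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches(expected, actual):
                return False
        elif actual not in expected:
            return False
    return True


def make_signin_event(identity_type, arn, outcome, mfa_used, source_ip):
    """Constructed sample in the shape of an 'AWS Console Sign In via CloudTrail'
    event (account 123456789012 and all values are made up)."""
    return {
        "version": "0",
        "detail-type": "AWS Console Sign In via CloudTrail",
        "source": "aws.signin",
        "account": "123456789012",
        "region": "us-east-1",
        "detail": {
            "userIdentity": {"type": identity_type, "arn": arn,
                             "accountId": "123456789012"},
            "eventTime": "2024-05-01T09:15:27Z",
            "eventSource": "signin.amazonaws.com",
            "eventName": "ConsoleLogin",
            "sourceIPAddress": source_ip,
            "responseElements": {"ConsoleLogin": outcome},
            "additionalEventData": {"MFAUsed": mfa_used},
        },
    }


ROOT_LOGIN = make_signin_event("Root", "arn:aws:iam::123456789012:root",
                               "Success", "No", "198.51.100.7")
IAM_USER_LOGIN = make_signin_event("IAMUser", "arn:aws:iam::123456789012:user/alice",
                                   "Success", "Yes", "203.0.113.5")
# A failed root attempt still carries userIdentity.type "Root", so it matches too.
ROOT_FAILED = make_signin_event("Root", "arn:aws:iam::123456789012:root",
                                "Failure", "No", "192.0.2.44")


def format_alert(event):
    """The fields an on-call engineer wants in the email body."""
    d = event["detail"]
    return (f"Root console sign-in {d['responseElements']['ConsoleLogin']} "
            f"from {d['sourceIPAddress']} at {d['eventTime']} "
            f"(MFA used: {d['additionalEventData']['MFAUsed']})")


def triage(events):
    """Apply the rule to a batch of events; returns one alert line per match."""
    return [format_alert(e) for e in events if matches(ROOT_SIGNIN_PATTERN, e)]


def sns_topic_policy(topic_arn, rule_arn):
    """Topic access policy statement from Step 3: let EventBridge publish,
    but only invocations originating from this specific rule."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowEventBridgeRootSigninRule",
            "Effect": "Allow",
            "Principal": {"Service": "events.amazonaws.com"},
            "Action": "sns:Publish",
            "Resource": topic_arn,
            "Condition": {"ArnEquals": {"aws:SourceArn": rule_arn}},
        }],
    }


if __name__ == "__main__":
    for line in triage([ROOT_LOGIN, IAM_USER_LOGIN, ROOT_FAILED]):
        print(line)
    print(json.dumps(sns_topic_policy(
        "arn:aws:sns:us-east-1:123456789012:root-signin-alerts",
        "arn:aws:events:us-east-1:123456789012:rule/root-signin"), indent=2))
```

Note that the IAM user's sign-in is dropped by the userIdentity.type filter, while both the successful and the failed root attempts are alerted on; alerting on failures is usually wanted, since they indicate someone trying the root credentials.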
AWS References:
EventBridge Rules: Creating EventBridge Rules
SNS Subscriptions: Amazon SNS Subscriptions
Why Other Options Are Incorrect:
Option A: Trusted Advisor checks account configuration (for example, whether MFA is enabled on the root account) but does not emit a notification when the root user signs in.
Option B: Polling CloudTrail from an EC2 instance with custom scripts adds a server to patch and monitor for something EventBridge does natively, so it is less operationally efficient.
Option C: SQS is a queue, not a notification channel; another component would still have to consume the queue and send the email, adding complexity and delay.