< Back

Monitoring: AWS account root user login

The AWS account root user has complete access to all AWS services and resources in an account. This identity is accessed by signing in with the email address and password that was used to create the account. As a best practice, we do not recommend using these credentials for everyday tasks.

Why should you monitor AWS account root user logins?

The AWS account root user should only be used in emergency situations. For example, in case you locked yourself out of an AWS account by a misconfigured IAM policy. In day-to-day use, the credentials for the AWS account root user should be kept in a safe place and not used. The use of the AWS account root user is a security risk and should be closely monitored.

Monitoring: AWS Certificate Manager (ACM)

How does monitoring AWS account root user logins work?

Without further ado, marbot notifies you about AWS account root user logins. Here is, what an alert caused by an root user login looks like in Microsoft Teams.

AWS Certificate Manager (ACM) alert in Micoft Teams

And here is the same alert in Slack.

AWS Certificate Manager (ACM) in Slack

How to setup monitoring of AWS account root user logins?

marbot works with Slack and Microsoft Teams. Please select your platform and follow the Getting started guide.

More help needed? Or want to share feedback?

If you experience any issues, let us know.

E-mail icon
marbot teaser

Chatbot for AWS Monitoring

Configure monitoring for Amazon Web Services: CloudWatch, EC2, RDS, EB, Lambda, and more. Receive and manage alerts via Slack. Solve incidents as a team.

Add to Slack
Microsoft Teams
Add to Teams