Ensure there is a CloudWatch alarm created in your account that is triggered when there are three or more AWS Management Console sign-in failures during a five minute period.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Using AWS CloudWatch alarms to monitor your AWS Console authentication process will help you to plan and implement the appropriate security measures in order to protect your account against brute-force attacks.
Note 1: For this rule Cloud Conformity assumes that the CloudTrail service is already enabled to stream event log data to CloudWatch in your AWS account, otherwise see this rule for AWS Cloudtrail – CloudWatch integration.
Note 2: You can specify a custom name for the alarm using the rule configuration settings available on Cloud Conformity dashboard. Otherwise, the default name used for this rule will be “Console Sign-in Failures”.
To determine if you have any CloudWatch alarms that are monitoring sign-in failures within your AWS account, perform the following:
Remediation / Resolution
Step 1: Create a Simple Notification Service (SNS) topic and the necessary subscriptions to send notifications whenever the CloudWatch alarm is firing.
Step 2: Create the AWS CloudWatch alarm that is triggered when there are three or more sign-in failures during a five minute period.
- AWS Documentation
- Amazon CloudWatch Concepts
- Creating CloudWatch Alarms for CloudTrail Events: Examples
- Sending CloudTrail Events to CloudWatch Logs
- Create a Topic
- Subscribe to a Topic
- Creating Amazon CloudWatch Alarms
- Create or Edit an Alarm
Unlock the Remediation Steps
Gain free unlimited access
to our full Knowledge Base
Over 750 rules & best practices
You are auditing:
Console Sign-in Failures Alarm
Risk level: Medium