AWS > Cloudwatch >

Require Non Mfa Login Alarm

LOW

Source

Trivy

Frameworks

CIS AWS 1.4

CIS AWS 1.2

ID

AVD-AWS-0148

You can do real-time monitoring of API calls by directing CloudTrail logs to CloudWatch Logs and establishing corresponding metric filters and alarms.

CIS recommends that you create a metric filter and alarm console logins that aren’t protected by MFA. Monitoring for single-factor console logins increases visibility into accounts that aren’t protected by MFA.

Impact

Not alerting on logins with no MFA allows the risk to go un-notified.

Links

https://aws.amazon.com/iam/features/mfa/

Aqua Container Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.

Copyright © 2023 Aqua Security Software Ltd. Privacy Policy | Terms of Use