I got a requirement to send an alert email when an IAM user fails to login 3 times consecutively. What is the best practice to approach this? I did research a lot and I was getting a lot saying: "listen to the sign-in failed attempt event in CloudWatch coming from CloudTrail, then trigger a Lambda event to call SNS and connect it to your email". But this is for only 1 attempt. I was wondering, how can I design something for 3 attempts in AWS? Maybe use a custom DB and track the users there, but it seemed very complicated.
Is there any easy straightforward solution to this?
Question posted in Amazon Web Services
The official Amazon Web Services documentation can be found here.
2 Answers
Sadly, no.
Yes, that would be the way. You can use dynamodb for that.
The following Amazon guide will tell you that, but you’ll still need CloudWatch to see the identity of the user; this isn’t it, it uses the CloudTrail logs that are stored in the chosen S3 bucket and Amazon SNS:
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html
The solution is a bit clumsy, but it’s still a solution.
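As an added example (not code from the question or either answer), here is the core of the Lambda handler the second answer sketches: it reads CloudTrail `ConsoleLogin` records, keeps a per-user consecutive-failure counter, resets it on a successful login and alerts once when the streak reaches 3. The `store` dict and the `notify` callable are stand-ins for the DynamoDB table and `sns.publish` so the block runs offline; the event field names are the real CloudTrail ones, and the sample events are constructed.

```python
"""Alert on N consecutive failed IAM console logins from CloudTrail records."""

THRESHOLD = 3  # consecutive failures before alerting (the question's requirement)


def principal_of(event):
    """Return a stable identity key for a CloudTrail ConsoleLogin record.

    Note: when the typed user name does not exist, CloudTrail records it as
    HIDDEN_DUE_TO_SECURITY_REASONS, so those failures all share one counter.
    """
    ident = event.get("userIdentity", {})
    return ident.get("userName") or ident.get("arn", "unknown")


def process_event(event, store, notify):
    """Update the per-user streak counter and alert when it hits THRESHOLD.

    store  -> dict user -> consecutive failures (stand-in for a DynamoDB table;
              in production use an atomic UpdateItem so concurrent Lambdas agree)
    notify -> callable(message) (stand-in for sns.publish on the alert topic)
    Returns the user's counter after this event, or None for unrelated events.
    """
    if event.get("eventName") != "ConsoleLogin":
        return None
    user = principal_of(event)
    if event.get("responseElements", {}).get("ConsoleLogin") == "Success":
        store[user] = 0  # a successful login breaks the streak
        return 0
    count = store.get(user, 0) + 1
    store[user] = count
    if count == THRESHOLD:  # alert exactly once per streak, not on every later failure
        notify(f"{count} consecutive failed console logins for {user} "
               f"(last from {event.get('sourceIPAddress')} at {event.get('eventTime')})")
    return count


def _login(user, outcome, ip="198.51.100.7", when="2024-01-01T10:00:00Z"):
    """Build a minimal constructed CloudTrail ConsoleLogin record."""
    return {"eventName": "ConsoleLogin", "eventTime": when, "sourceIPAddress": ip,
            "userIdentity": {"type": "IAMUser", "userName": user},
            "responseElements": {"ConsoleLogin": outcome}}


def run_demo():
    """Replay a constructed sequence; returns (final counters, alerts sent)."""
    store, alerts = {}, []
    events = [_login("alice", "Failure"), _login("alice", "Failure"),
              _login("alice", "Success"),  # resets alice's streak
              _login("alice", "Failure"), _login("bob", "Failure"),
              _login("alice", "Failure"), _login("alice", "Failure")]  # alice reaches 3
    for ev in events:
        process_event(ev, store, alerts.append)
    return store, alerts
```

Wiring this up means subscribing the Lambda to the CloudTrail events (via the CloudWatch Logs group or an EventBridge rule on `ConsoleLogin`) and pointing `notify` at the SNS topic whose email subscription the question describes.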