
I got a requirement to send an alert email when an IAM user fails to log in 3 times consecutively. What is the best practice to approach this? I did a lot of research and kept getting answers saying: "listen for the failed sign-in attempt event in CloudWatch coming from CloudTrail, then trigger a Lambda to call SNS and connect it to your email". But this is for only 1 attempt. I was wondering how I can design something for 3 attempts in AWS. Maybe use a custom DB and track the users there, but that seemed very complicated.
Is there any easy straightforward solution to this?

2 Answers


  1. Is there any easy straightforward solution to this?

    Sadly, no.

    Maybe use a custom DB and track the users there

    Yes, that would be the way. You can use DynamoDB for that.

  2. The following Amazon guide will tell you that, but you’ll still need CloudWatch to see the identity of the user. It uses the CloudTrail logs that are stored in the chosen S3 bucket, and Amazon SNS.

    https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html

    The solution is a bit clumsy, but it’s still a solution.

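The approach the two answers sketch (match CloudTrail ConsoleLogin failures, keep a per-user counter in DynamoDB, notify through SNS once the streak reaches 3), as an added example that is not code from this thread or from AWS. It assumes the CloudTrail record reaches the Lambda through an EventBridge rule (source `aws.signin`, detail-type `AWS Console Sign In via CloudTrail`) under `event["detail"]`. The DynamoDB table and SNS topic are in-memory stand-ins so the logic runs offline; the record layout and the `HIDDEN_DUE_TO_SECURITY_REASONS` placeholder are what CloudTrail actually emits, while the account ID, principal ID, IP address and user names in the sample are constructed.

```python
"""Alert when an IAM user fails console login THRESHOLD times in a row.

Added example (not from this thread or from AWS). Assumed pipeline:
CloudTrail -> EventBridge rule -> this Lambda -> SNS, with the CloudTrail
record under event["detail"]. MemoryTable/MemoryTopic stand in for DynamoDB
and SNS so this runs offline; in production replace them with boto3 calls
(update_item with ADD for the counter, sns.publish for the alert).
"""
import copy
import json

THRESHOLD = 3  # consecutive failures that trigger one alert
HIDDEN_USER = "HIDDEN_DUE_TO_SECURITY_REASONS"  # CloudTrail placeholder for unknown usernames


class MemoryTable:
    """Stand-in for a DynamoDB table keyed by userName (value = failure streak)."""

    def __init__(self):
        self.items = {}

    def increment_failures(self, user):
        self.items[user] = self.items.get(user, 0) + 1
        return self.items[user]

    def reset(self, user):
        self.items.pop(user, None)


class MemoryTopic:
    """Stand-in for an SNS topic; records the (subject, message) pairs it would send."""

    def __init__(self):
        self.messages = []

    def publish(self, subject, message):
        self.messages.append((subject, message))


TABLE = MemoryTable()
TOPIC = MemoryTopic()


def is_console_login(record):
    return (record.get("eventSource") == "signin.amazonaws.com"
            and record.get("eventName") == "ConsoleLogin")


def login_failed(record):
    # Same condition the linked AWS guide uses in its metric filter, plus the
    # responseElements marker that every ConsoleLogin record carries.
    resp = record.get("responseElements") or {}
    return (record.get("errorMessage") == "Failed authentication"
            or resp.get("ConsoleLogin") == "Failure")


def process_record(record, table, topic):
    """Return (outcome, user, streak) for one CloudTrail record."""
    if not is_console_login(record):
        return ("ignored", None, 0)
    ident = record.get("userIdentity") or {}
    user = ident.get("userName")
    # A wrong *username* is logged with a placeholder, not a name, so it cannot
    # be attributed to an IAM user and must not inflate anyone's streak.
    if ident.get("type") != "IAMUser" or not user or user == HIDDEN_USER:
        return ("ignored", user, 0)
    if not login_failed(record):
        table.reset(user)  # a success breaks the streak ("consecutive")
        return ("reset", user, 0)
    streak = table.increment_failures(user)
    if streak < THRESHOLD:
        return ("counted", user, streak)
    topic.publish(
        f"IAM user {user}: {streak} consecutive failed console logins",
        json.dumps({"userName": user, "failures": streak,
                    "sourceIPAddress": record.get("sourceIPAddress"),
                    "lastEventTime": record.get("eventTime")}))
    table.reset(user)  # new window, so each further run of THRESHOLD alerts once
    return ("alerted", user, streak)


def handler(event, context=None, table=None, topic=None):
    """Lambda entry point; table/topic parameters let tests inject stand-ins."""
    return process_record(event.get("detail") or {},
                          table if table is not None else TABLE,
                          topic if topic is not None else TOPIC)


# Constructed sample: field layout matches a real CloudTrail ConsoleLogin
# failure record; account ID, principal ID and IP address are made up.
SAMPLE_FAILURE = {
    "eventVersion": "1.08",
    "userIdentity": {"type": "IAMUser", "principalId": "AIDAEXAMPLE",
                     "arn": "arn:aws:iam::123456789012:user/alice",
                     "accountId": "123456789012", "userName": "alice"},
    "eventTime": "2024-01-01T12:00:00Z",
    "eventSource": "signin.amazonaws.com",
    "eventName": "ConsoleLogin",
    "awsRegion": "us-east-1",
    "sourceIPAddress": "198.51.100.7",
    "errorMessage": "Failed authentication",
    "responseElements": {"ConsoleLogin": "Failure"},
    "eventType": "AwsConsoleSignIn",
}


def sample_event(user="alice", success=False):
    """Wrap a copy of SAMPLE_FAILURE in an EventBridge envelope (constructed data)."""
    rec = copy.deepcopy(SAMPLE_FAILURE)
    rec["userIdentity"]["userName"] = user
    rec["userIdentity"]["arn"] = f"arn:aws:iam::123456789012:user/{user}"
    if success:
        rec.pop("errorMessage")
        rec["responseElements"] = {"ConsoleLogin": "Success"}
    return {"source": "aws.signin",
            "detail-type": "AWS Console Sign In via CloudTrail",
            "detail": rec}
```

Two things the stand-ins hide that matter in a real deployment: the DynamoDB counter needs a timestamp or TTL so a failure from months ago does not combine with two fresh ones, and the increment should be a single `update_item` with an `ADD` expression rather than a read-modify-write, because CloudTrail can deliver several failures to concurrent Lambda invocations.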