Root User Login Without MFA
Overview
This detector identifies any login to the AWS console as the root user without multi-factor authentication (MFA). Login events are identified by monitoring AWS CloudTrail.
The root user is the most powerful administrative user in the account, and it generally has full access to all resources in the account. The root user should not be used for day-to-day administrative tasks, and it should only be accessible with MFA to reduce the risk of a compromised credential.
Issues are automatically resolved after a configurable duration, so that later login events periodically create new issues.
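The logic described above can be sketched as follows. This is an added example, not the detector's own code: it matches on the standard CloudTrail `ConsoleLogin` record fields, and it assumes one open issue per account, a 24-hour resolve window, and that only successful logins count. The sample events are constructed.

```python
from datetime import datetime, timedelta

def _ev(time, id_type, mfa, result, account="111111111111"):
    """Build a constructed CloudTrail ConsoleLogin record (not real account data)."""
    return {"eventTime": time, "eventName": "ConsoleLogin",
            "recipientAccountId": account,
            "userIdentity": {"type": id_type},
            "additionalEventData": {"MFAUsed": mfa},
            "responseElements": {"ConsoleLogin": result}}

SAMPLE_EVENTS = [
    _ev("2024-01-10T08:00:00Z", "Root", "No", "Success"),     # opens an issue
    _ev("2024-01-10T09:00:00Z", "Root", "No", "Success"),     # issue still open
    _ev("2024-01-10T10:00:00Z", "Root", "Yes", "Success"),    # MFA was used
    _ev("2024-01-10T11:00:00Z", "IAMUser", "No", "Success"),  # not the root user
    _ev("2024-01-10T12:00:00Z", "Root", "No", "Failure"),     # login did not succeed
    _ev("2024-01-11T08:30:00Z", "Root", "No", "Success"),     # earlier issue resolved
]

def is_root_login_without_mfa(event):
    """True for a successful root console login where MFA was not reported."""
    # responseElements / additionalEventData may be null in real records.
    response = event.get("responseElements") or {}
    extra = event.get("additionalEventData") or {}
    return (event.get("eventName") == "ConsoleLogin"
            and (event.get("userIdentity") or {}).get("type") == "Root"
            and response.get("ConsoleLogin") == "Success"
            # Fail closed: a missing MFAUsed value is treated as "no MFA".
            and extra.get("MFAUsed") != "Yes")

def detect(events, resolve_after=timedelta(hours=24)):
    """Return (account, eventTime) for each new issue.

    A login while the account's issue is still open creates no new issue;
    once resolve_after has elapsed, the next matching login opens a new one.
    """
    open_until, issues = {}, []
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        if not is_root_login_without_mfa(ev):
            continue
        when = datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        account = ev["recipientAccountId"]
        if account in open_until and when < open_until[account]:
            continue
        open_until[account] = when + resolve_after
        issues.append((account, ev["eventTime"]))
    return issues
```
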
Vendor
AWS
Severity
5