
IAM - Failed login attempts go unnoticed

Open msaindane opened this issue 8 years ago • 2 comments

CloudTrail is not enabled by default. Unsuccessful login attempts will not be logged unless CloudTrail is enabled.

NOTE: unsuccessful sign-in events by the root user are not logged by CloudTrail.

Mitigation:

  • Enable CloudTrail to log all sign-in attempts

Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html

msaindane avatar Oct 23 '17 14:10 msaindane

Or should this be under CloudTrail?

There are other threats associated with CloudTrail that one needs to be aware of as well.

msaindane avatar Oct 23 '17 15:10 msaindane

I would say the threat in this case applies to IAM, but the mitigation is via CloudTrail and you'd still have to monitor those specific event types.

zeroXten avatar Oct 24 '17 00:10 zeroXten
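The issue body's mitigation (enable CloudTrail so sign-in attempts are logged) and zeroXten's point that someone still has to monitor the resulting event types are illustrated below with an added example; it is not code from the OWASP Cloud Security project or from anyone in this thread. It parses CloudTrail records, extracts failed `ConsoleLogin` events from the `signin.amazonaws.com` event source, and flags a principal whose failures cluster inside a time window. The records are constructed for the example; the field names follow the documented shape of CloudTrail console sign-in events, and the threshold and window values are arbitrary choices, not AWS defaults.

```python
import json
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample CloudTrail records for this example (not captured from a
# real account). The layout mirrors CloudTrail's ConsoleLogin events: the
# outcome is in responseElements.ConsoleLogin ("Success" or "Failure").
# Note: as the issue body states, failed sign-ins by the *root* user are not
# recorded by CloudTrail, so only root successes can ever appear here.
SAMPLE_RECORDS = json.dumps({"Records": [
    {"eventTime": "2017-10-23T14:00:05Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "responseElements": {"ConsoleLogin": "Failure"},
     "errorMessage": "Failed authentication"},
    {"eventTime": "2017-10-23T14:00:40Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "responseElements": {"ConsoleLogin": "Failure"},
     "errorMessage": "Failed authentication"},
    {"eventTime": "2017-10-23T14:01:15Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "responseElements": {"ConsoleLogin": "Failure"},
     "errorMessage": "Failed authentication"},
    {"eventTime": "2017-10-23T14:02:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2017-10-23T14:03:30Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"},
     "responseElements": {"ConsoleLogin": "Success"}},
    # An unrelated API call, to show that non-sign-in events are ignored.
    {"eventTime": "2017-10-23T14:04:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "IAMUser", "userName": "bob"}},
]})


def parse_records(text):
    """Return the list under the top-level "Records" key of a CloudTrail log file."""
    return json.loads(text).get("Records", [])


def _parse_time(ts):
    # CloudTrail eventTime is ISO 8601 in UTC with a trailing "Z".
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def _principal(record):
    """Best-effort label for who attempted the sign-in (user name, else ARN, else type)."""
    ident = record.get("userIdentity", {})
    return ident.get("userName") or ident.get("arn") or ident.get("type", "unknown")


def failed_console_logins(records):
    """Select console sign-in events whose outcome was a failure."""
    failures = []
    for r in records:
        if r.get("eventSource") != "signin.amazonaws.com":
            continue
        if r.get("eventName") != "ConsoleLogin":
            continue
        if r.get("responseElements", {}).get("ConsoleLogin") != "Failure":
            continue
        failures.append({
            "time": r["eventTime"],
            "principal": _principal(r),
            "source_ip": r.get("sourceIPAddress"),
            "reason": r.get("errorMessage"),
        })
    return failures


def failures_per_principal(records):
    """Count failed sign-ins by principal; useful as a daily summary."""
    return Counter(f["principal"] for f in failed_console_logins(records))


def brute_force_candidates(records, threshold=3, window=timedelta(minutes=5)):
    """Principals with at least `threshold` failures inside any `window`-long span.

    A sliding window over the sorted failure times per principal; threshold and
    window are tuning choices for this example, not AWS-defined values.
    """
    times_by_principal = defaultdict(list)
    for f in failed_console_logins(records):
        times_by_principal[f["principal"]].append(_parse_time(f["time"]))
    flagged = []
    for principal, times in times_by_principal.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged.append(principal)
                break
    return sorted(flagged)


if __name__ == "__main__":
    recs = parse_records(SAMPLE_RECORDS)
    print("failures per principal:", dict(failures_per_principal(recs)))
    print("clustered failures:", brute_force_candidates(recs))
```

In practice the records would come from the CloudTrail S3 delivery or a CloudWatch Logs subscription rather than an inline string; the selection logic is the same. Because root sign-in failures never reach the trail, an empty result for the root principal is not evidence that none occurred.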