AWS CDK Root Account Use Alarm

This AWS CDK stack sets up an Amazon EventBridge alarm to detect root account logins and sends a notification through Amazon SNS when such logins are detected. There are two variations of the stack available:

RootAccountUseAlarmStack: This stack deploys an EventBridge alarm. Use this if you already have CloudTrail enabled and want to use an existing trail.

RootAccountUseAlarmWithCloudTrailStack: This stack also creates an AWS CloudTrail trail for management events related to the root account. Use this if you don't have an existing trail or want to create a dedicated trail for root account management events.

Prerequisites

Before deploying this stack, you need the following prerequisites:

AWS CLI installed and configured with appropriate credentials.
Node.js installed, as the AWS CDK is built on Node.js.
Python 3 installed (for creating a virtual environment).

Virtual Environment Setup

Create a virtual environment for the project inside the main directory. On macOS and Linux, use the following command:

python3 -m venv .venv

On Windows, use the following command:

py -3 -m venv .venv

Activate the virtual environment. On macOS and Linux, use the following command:

source .venv/bin/activate

On Windows, use the following command:

.venv\Scripts\activate.bat

Install Dependencies

Install the dependencies for the project:

pip install -r requirements.txt

CloudFormation Template Synthesis

After activating the virtual environment, synthesize the CloudFormation template for this code:

cdk synth

Deployment Steps

Choose one of the following stacks to deploy, depending on whether you have an existing CloudTrail trail or want to create a new one: Option 1: Deploying RootAccountUseAlarmWithCloudTrailStack (with CloudTrail trail)

cdk deploy RootAccountUseAlarmWithCloudTrailStack --parameters email=<email> --profile <profile>

Option 2: Deploying RootAccountUseAlarmStack (without CloudTrail trail)

cdk deploy RootAccountUseAlarmStack --parameters email=<email> --profile <profile>

Clean Up

To remove the stack and its resources from your AWS account, use the following command:

cdk destroy --profile <profile>

This command will delete all the resources created by the stack.

Additional Information

AWS CDK documentation: https://docs.aws.amazon.com/cdk/latest/guide/home.html
AWS CloudTrail documentation: https://aws.amazon.com/cloudtrail/
Amazon SNS documentation: https://aws.amazon.com/sns/
Amazon EventBridge documentation: https://aws.amazon.com/eventbridge/

Name		Name	Last commit message	Last commit date
Latest commit History 6 Commits
root_account_use_alarm		root_account_use_alarm
tests		tests
.gitignore		.gitignore
README.md		README.md
app.py		app.py
cdk.json		cdk.json
exports.sh		exports.sh
requirements.txt		requirements.txt
source.bat		source.bat
source.ps1		source.ps1

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

AWS CDK Root Account Use Alarm

Prerequisites

Virtual Environment Setup

Install Dependencies

CloudFormation Template Synthesis

Deployment Steps

Clean Up

Additional Information

About

Releases

Packages

Languages

sidor2/root-account-use-alarm

Folders and files

Latest commit

History

Repository files navigation

AWS CDK Root Account Use Alarm

Prerequisites

Virtual Environment Setup

Install Dependencies

CloudFormation Template Synthesis

Deployment Steps

Clean Up

Additional Information

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages