AWS Console Login Failed

This rule monitors for failed AWS console logins.

Failed logins may be indicative of brute force attacks or the use of old compromised credentials.


In small numbers, this does not bear investigation. In large numbers, check for the possibility of brute force attacks and consider upgrading password strength.


  • CIS AWS Benchmark 3.6: "Ensure a log metric filter and alarm exist for AWS Management Console authentication failures"

Last updated