AWS Console Login Failed

This rule monitors for failed AWS console logins.

Failed logins may be indicative of brute force attacks or the use of old compromised credentials.

Remediation

In small numbers, this does not bear investigation. In large numbers, check for the possibility of brute force attacks and consider upgrading password strength.

References

• CIS AWS Benchmark 3.6: "Ensure a log metric filter and alarm exist for AWS Management Console authentication failures"