Resolution
----------

Successful and failed sign-in attempts for Identity and Access Management (IAM) users and federated users to the AWS Management Console are logged in CloudTrail logs. As a security best practice, AWS doesn't log the entered IAM user name text when the sign-in failure is caused by an incorrect user name. The user name text shows a GuardDuty finding or CloudTrail log entry as "HIDDEN\_DUE\_TO\_SECURITY\_REASONS", similar to the following [sign-in failure event log example](https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html#hiddensecurity).

For more information, see [Logging user sign-in events](https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html#cloudtrail-integration_signin-users).

Related information
-------------------

[Security best practices in IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html)

[CloudTrail userIdentity element](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-user-identity.html)

I want to know why Amazon GuardDuty findings or AWS CloudTrail logs display the user name as "HIDDEN_DUE_TO_SECURITY_REASONS".

Learn why GuardDuty reports the finding HIDDEN_DUE_TO_SECURITY_REASONS

Why did GuardDuty report the finding HIDDEN_DUE_TO_SECURITY_REASONS?

Sicherheit, Identität & Konformität

Warum habe ich eine Amazon-GuardDuty-Meldung für Erkenntnistyp UnauthorizedAccess:IAMUser/TorIPCaller oder Recon:IAMUser/TorIPCaller für meinen IAM-Benutzer oder meine IAM-Rolle erhalten?

Why did GuardDuty report the finding HIDDEN_DUE_TO_SECURITY_REASONS?

Resolution

Related information

Relevanter Inhalt