Your concern about account lockouts due to brute force login attempts on the IAM Identity Center portal is valid. Since the portal is internet-facing, it could potentially be subjected to such attacks.
A few things you can do to help mitigate this risk:
- Enable multi-factor authentication (MFA) for administrative users who access the portal. This adds an extra layer of security beyond just a password.
- Monitor sign-in logs and alerts from IAM Identity Center and Active Directory for any suspicious activity. This can help detect brute force attempts early.
- Use threat detection services like Amazon GuardDuty or AWS Security Hub to monitor for abnormal login patterns that could indicate a brute force attack.
- Consider implementing rate limiting on the IAM Identity Center portal to restrict the number of failed login attempts within a certain time period. This can help prevent account lockouts.
- Make sure your Active Directory password policies are properly configured to restrict weak, reused or predictable passwords. Stronger passwords raise the bar for attackers.
- Use a web application firewall or AWS WAF to filter and block traffic patterns typical of brute force attacks at the network layer, before it even reaches the portal.
Sources
[1] [Manage your identity source - AWS IAM Identity Center](https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-your-identity-source.html)
[2] [Using Active Directory as an identity source - AWS IAM Identity Center](https://docs.aws.amazon.com/singlesignon/latest/userguide/gs-ad.html)
[3] [Manage identities in IAM Identity Center - AWS IAM Identity Center](https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-your-identity-source-sso.html)
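As an added illustration, not part of the answer above or of any AWS tooling: a Python sketch of the sign-in log monitoring the second point describes, run over constructed CloudTrail-style records. It flags both repeated failures against one account from one address (the pattern that triggers an Active Directory lockout) and one address failing against many accounts (password spraying). The event name, field layout and thresholds are assumptions; check the IAM Identity Center CloudTrail reference for the names your account actually emits.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real logs); eventName/field layout are assumptions.
def _rec(ts, user, ip, ok):
    rec = {"eventTime": ts, "eventName": "Authenticate", "eventSource": "sso.amazonaws.com",
           "sourceIPAddress": ip, "userIdentity": {"userName": user}}
    if not ok:
        rec["errorMessage"] = "Authentication failed"
    return rec

SAMPLE_EVENTS = (
    # one account hammered from one address: 6 failures within a minute
    [_rec(f"2024-05-01T10:00:{10 * i:02d}Z", "admin1", "203.0.113.5", False) for i in range(6)]
    # a normal user: one typo, then success
    + [_rec("2024-05-01T10:10:00Z", "admin2", "198.51.100.7", False),
       _rec("2024-05-01T10:10:30Z", "admin2", "198.51.100.7", True)]
    # password spraying: one address, a single failure against each of several accounts
    + [_rec(f"2024-05-01T11:00:{10 * i:02d}Z", f"user{i}", "203.0.113.9", False) for i in range(4)]
)

def _t(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")

def detect_bruteforce(events, window=timedelta(minutes=5), per_user_threshold=5, spray_threshold=3):
    """Return (bruteforce, spray): (user, ip) -> max failures seen inside one sliding window,
    and ip -> sorted list of distinct users it failed against when that count reaches spray_threshold."""
    failures = defaultdict(list)    # (user, ip) -> failure timestamps
    users_by_ip = defaultdict(set)  # ip -> accounts with at least one failure from it
    for ev in events:
        if "errorMessage" not in ev:
            continue                # successful sign-in, not a failure
        user = ev["userIdentity"].get("userName", "<unknown>")
        failures[(user, ev["sourceIPAddress"])].append(_t(ev["eventTime"]))
        users_by_ip[ev["sourceIPAddress"]].add(user)
    bruteforce = {}
    for key, times in failures.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):          # sliding window over sorted timestamps
            while t - times[start] > window:
                start += 1
            if end - start + 1 >= per_user_threshold:
                bruteforce[key] = max(bruteforce.get(key, 0), end - start + 1)
    spray = {ip: sorted(u) for ip, u in users_by_ip.items() if len(u) >= spray_threshold}
    return bruteforce, spray

if __name__ == "__main__":
    print(detect_bruteforce(SAMPLE_EVENTS))
```

In practice the records would come from a CloudTrail query (for example via CloudWatch Logs Insights or Athena) rather than an inline list, and an alert on the brute-force key is the signal to expect an AD lockout for that user.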
Thank you for your reply. I understand that measures 1, 2, 3, and 5 can help prevent and monitor brute force attacks on the account. However, even with these measures in place, it is still not possible to completely avoid the account being locked due to persistent brute force attempts. Measures 4 and 6 seem useful, but I have been unable to find information on how to configure them. Do you have any specific configuration or reference materials that could help me understand how to configure these measures?