- Newest
- Most votes
- Most comments
You can use event bridge to monitor cloudtrail APi calls and send a message to an SNS topic. Theres a similar example here but specifically looking at AttachUserPolicy events. Replace this with ConsoleLogin
I believe this should work for you.
AWS makes requests based on API calls.
When accessing programmatically, including CLI, credentials are saved on the local PC and requests are made according to the permissions given to the credentials. Therefore, there is no login during this process.
However, if SSO is linked through Identity Center, SSO Login can be triggered from CLI. By analyzing Identity Center records in CloudTrail, you can see who has access to SSO. For detailed API call names, please check the official documentation [1].
In the management console, users log in with a password. This is not an API call, but it is recorded in CloudTrail. For example, in CloudTrail, if you collect records with an "eventSource" of "signin.amazonaws.com", you can determine which users are logged in. Please check the official documentation [2] for specific records.
[1] https://docs.aws.amazon.com/singlesignon/latest/userguide/sso-info-in-cloudtrail.html
Relevant content
- asked a year ago
- asked 3 months ago
- Accepted Answerasked 2 months ago
- asked 2 years ago
AWS OFFICIALUpdated 2 years ago- AWS OFFICIALUpdated 5 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago
i already set consolelogin in eventbridge using cloudtrail but i receieved only 1 email from one iam account and but did not not get other users login information or notification(sns). and after 1 email it didnot send any email.
Do you mean 1 x iam user? This should trigger every time an IAM user logs into the console. Remember users stay logged in up to 12 hours unless they log out and in again