- 最新
- 投票最多
- 评论最多
Hello.
I tried resetting the root user's password by setting it up with my AWS account, but the email is only sent to the root user's email address.
Emails were not sent to the email address set using the steps in the document below.
https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-contact-alternate.html
We recommend configuring MFA for AWS root users.
From a technical standpoint I recommend setting up an EventBrige rule that captures Login Events for root user and then sending the json through a transformer with SNS to a relevant contact.
There's a post about something similar here: https://repost.aws/knowledge-center/root-user-account-eventbridge-rule
Enabling MFA for the root user will help to address this security concern -> https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa.html
I already have MFA setup, but I am understanding that can also be reset using the root email
Thanks for the suggestion. Looks like a complicated way to do something quite simple but will take a look
Oh it's not complicated at all. The json transfromer is a personal suggestion so the email to you looks clean and human readable instead of json block text. You don't need to use CF at all to implement it. Just make an eventbridge rule for UserIdentity root for login events and have it send through SNS to your email (or security contact).
Ok, I just set it up, I agree its quite straightforward, thanks