Project Objective:
The goal of this project is to monitor and detect sensitive activities performed by the AWS Root account. Since the root account has unrestricted access, it is important to receive real-time alerts anytime it is used. Using CloudTrail for logging, SNS (Simple Notification Service) for alerting and CloudWatch Events, I set up an automated system to notify me via email whenever the root account logs in or performs critical actions.
Tools I Used:
- AWS CloudTrail: For logging user and API activity
- AWS SNS: For sending notification alerts
- AWS IAM: For user identity and access management
- AWS CloudWatch: For event rules and automation
- S3 Bucket: To store CloudTrail logs
- Email: As an alert destination
Project Steps And Implementation:
Step 1: Logged into AWS using Root Account
- Accessed the AWS console using root account credentials. This was done only for testing purposes (not recommended in production environments).
Step 2: Simulated a Sensitive Action
- Navigated to My account > Billing Dashboard. This counts as a sensitive root activity that should be monitored.
Step 3: Enabled CloudTrail For Logging
- Opened the CloudTrail Service from the AWS Console
- Clicked on Trails > Create Trail. Named the trail (RootMonitoringTrails1)
- Selected Create a new S3 bucket to store logs
- Enabled logging for Management Events and chose All Regions so the trail captures all activities globally
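
Once the trail is delivering to S3, each log file is gzipped JSON with a top-level `Records` array. As an added example (not part of the original project), the Python below scans one decompressed log body and flags direct root activity, using the widely used filter of `userIdentity.type` equal to `Root`, no `invokedBy` field, and an `eventType` other than `AwsServiceEvent`. The sample records, account ID and IP addresses are constructed, and the function names are hypothetical.

```python
import json

# Constructed sample of a decompressed CloudTrail log file body (not real account data).
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-01T10:00:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "eventType": "AwsConsoleSignIn",
     "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"}},
    {"eventTime": "2024-01-01T10:05:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "eventType": "AwsConsoleSignIn",
     "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.20",
     "userIdentity": {"type": "IAMUser", "userName": "example-admin"}},
    {"eventTime": "2024-01-01T10:07:00Z", "eventSource": "example.amazonaws.com",
     "eventName": "ExampleServiceEvent", "eventType": "AwsServiceEvent",
     "awsRegion": "us-east-1", "sourceIPAddress": "example.amazonaws.com",
     "userIdentity": {"type": "Root", "invokedBy": "example.amazonaws.com"}},
]})


def is_root_activity(record):
    """True when a CloudTrail record is a direct action by the root user."""
    identity = record.get("userIdentity", {})
    return (
        identity.get("type") == "Root"
        # Skip calls an AWS service made on the account's behalf.
        and "invokedBy" not in identity
        and record.get("eventType") != "AwsServiceEvent"
    )


def root_alerts(log_body):
    """Return one summary line per direct root event in a log file body."""
    alerts = []
    for record in json.loads(log_body).get("Records", []):
        if is_root_activity(record):
            alerts.append(
                f"{record.get('eventTime')} {record.get('eventName')} "
                f"from {record.get('sourceIPAddress')} in {record.get('awsRegion')}"
            )
    return alerts


if __name__ == "__main__":
    for line in root_alerts(SAMPLE_LOG):
        print(line)
```
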