You must be logged in to view saved presets
Failed Console Logins Alarm
A CloudWatch Alarm that triggers if there are AWS Management Console authentication failures.
Prerequisites: This Alarm requires CloudTrail enabled, with events sent to a CloudWatch Log Group. See Related Configuration Items for configuration to enable CloudTrail/CloudWatch, or enter the CloudWatch Log Group name under the Metric Filter Configuration section.Items
3
Size
1.2 KB
Missing Parameters
AWSTemplateFormatVersion: '2010-09-09'
Description: ''
Resources:
SnsTopicMetricFilterCloudWatchAlarm:
Type: 'AWS::SNS::Topic'
Properties:
Subscription:
- Endpoint: email@example.com
Protocol: email
TopicName: alarm-action
CloudWatchAlarm:
Type: 'AWS::CloudWatch::Alarm'
Properties:
AlarmName: failed_console_logins
AlarmDescription: A CloudWatch Alarm that triggers if there are AWS Management Console authentication failures.
MetricName: ConsoleLoginFailures
Namespace: CloudTrailMetrics
Statistic: Sum
Period: '300'
EvaluationPeriods: '1'
Threshold: '1'
ComparisonOperator: GreaterThanOrEqualToThreshold
AlarmActions:
- Ref: SnsTopicMetricFilterCloudWatchAlarm
TreatMissingData: notBreaching
MetricFilterCloudWatchAlarm:
Type: 'AWS::Logs::MetricFilter'
Properties:
LogGroupName: ''
FilterPattern: '{ ($.eventName = ConsoleLogin) && ($.errorMessage = "Failed authentication") }'
MetricTransformations:
- MetricValue: '1'
MetricNamespace: CloudTrailMetrics
MetricName: ConsoleLoginFailures
Parameters: {}
Metadata: {}
Conditions: {}
Actions
Customize Template
* Required field
© 2025 asecurecloud. All rights reserved.