explaingit

nebularover77/aws-root-login-alert

Analysis updated 2026-05-18

0ShellAudience · ops devopsComplexity · 3/5Setup · moderate

TLDR

A Terraform module that automatically emails or texts your security team the moment someone signs into the AWS root account console.

Mindmap

mindmap
  root((aws-root-login-alert))
    What it does
      Detects root logins
      Sends SNS alerts
      Audits root credentials
    Tech stack
      Terraform
      AWS EventBridge
      Shell
    Use cases
      Alert on root sign-in
      Manage subscribers
      Audit member accounts
    Audience
      DevOps engineers
      Security teams

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Get an immediate email or SMS alert whenever the AWS root user signs into the console.

USE CASE 2

Audit member accounts in an AWS Organization for standing root credentials.

USE CASE 3

Manage email and SMS subscribers for security alerts from the command line.

USE CASE 4

Enable multi-region CloudTrail logging alongside the root login alert.

What is it built with?

TerraformAWS EventBridgeAWS SNSAWS CloudTrailShellPython

How does it compare?

nebularover77/aws-root-login-alert123satyajeet123/bitnet-serveralexbloch-ia/legal-data
Stars000
LanguageShellShellShell
Setup difficultymoderateeasymoderate
Complexity3/52/52/5
Audienceops devopsdevelopergeneral

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · moderate Time to first run · 30min

Requires an AWS account and CLI profile with permissions for EventBridge, SNS, CloudTrail, S3, and IAM.

No license information is provided in the README.

In plain English

This is a Terraform module, a reusable piece of cloud infrastructure code, that sets up automatic alerts whenever the root user of an AWS account signs into the console. In AWS, the root user has unlimited access to every resource in a cloud account. Signing in as root should almost never happen during normal operations, so when it does, security teams want to know right away. The module creates several cloud resources on your behalf: an EventBridge rule that watches for root console sign-in events, an SNS topic that routes the alert, email and optional SMS subscriptions to receive the notification, and optionally a CloudTrail trail that captures management events across multiple AWS regions along with an S3 bucket to store those logs. Once deployed, any root login triggers an immediate message to the configured recipients. To set it up, you clone the repository, run an interactive setup script that records your alert email and other choices, then run a deploy script that applies the Terraform changes to your AWS account. A collection of helper scripts covers day to day management: adding or removing email and SMS subscribers, listing the installed resources, checking whether recent root logins occurred, and diagnosing SMS delivery problems. A separate audit script can check member accounts in an AWS Organizations setup to see whether standing root credentials have been removed, which is a recommended security baseline. The repository is mostly Shell for the helper scripts, with Terraform handling the infrastructure definitions. It requires Terraform 1.5.0 or later, the AWS provider 5.0 or later, AWS CLI v2, Bash, and Python 3, along with an AWS profile that has permission to create EventBridge, SNS, CloudTrail, S3, and IAM resources.

Copy-paste prompts

Prompt 1
Help me deploy aws-root-login-alert into my AWS Organizations management account using setup.sh and deploy.sh.
Prompt 2
Explain what EventBridge pattern this module uses to detect a root console sign-in.
Prompt 3
Show me how to add and remove email or SMS subscribers with manage-subscribers.sh.
Prompt 4
Walk me through troubleshooting why my root login SMS alert did not arrive.

Frequently asked questions

What is aws-root-login-alert?

A Terraform module that automatically emails or texts your security team the moment someone signs into the AWS root account console.

What language is aws-root-login-alert written in?

Mainly Shell. The stack also includes Terraform, AWS EventBridge, AWS SNS.

What license does aws-root-login-alert use?

No license information is provided in the README.

How hard is aws-root-login-alert to set up?

Setup difficulty is rated moderate, with roughly 30min to a first successful run.

Who is aws-root-login-alert for?

Mainly ops devops.

Open on GitHub → Explain another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.