Analysis updated 2026-05-18
Get an immediate email or SMS alert whenever the AWS root user signs into the console.
Audit member accounts in an AWS Organization for standing root credentials.
Manage email and SMS subscribers for security alerts from the command line.
Enable multi-region CloudTrail logging alongside the root login alert.
| nebularover77/aws-root-login-alert | 123satyajeet123/bitnet-server | alexbloch-ia/legal-data | |
|---|---|---|---|
| Stars | 0 | 0 | 0 |
| Language | Shell | Shell | Shell |
| Setup difficulty | moderate | easy | moderate |
| Complexity | 3/5 | 2/5 | 2/5 |
| Audience | ops devops | developer | general |
Figures from each repo's GitHub metadata at analysis time.
Requires an AWS account and CLI profile with permissions for EventBridge, SNS, CloudTrail, S3, and IAM.
This is a Terraform module, a reusable piece of cloud infrastructure code, that sets up automatic alerts whenever the root user of an AWS account signs into the console. In AWS, the root user has unlimited access to every resource in a cloud account. Signing in as root should almost never happen during normal operations, so when it does, security teams want to know right away. The module creates several cloud resources on your behalf: an EventBridge rule that watches for root console sign-in events, an SNS topic that routes the alert, email and optional SMS subscriptions to receive the notification, and optionally a CloudTrail trail that captures management events across multiple AWS regions along with an S3 bucket to store those logs. Once deployed, any root login triggers an immediate message to the configured recipients. To set it up, you clone the repository, run an interactive setup script that records your alert email and other choices, then run a deploy script that applies the Terraform changes to your AWS account. A collection of helper scripts covers day to day management: adding or removing email and SMS subscribers, listing the installed resources, checking whether recent root logins occurred, and diagnosing SMS delivery problems. A separate audit script can check member accounts in an AWS Organizations setup to see whether standing root credentials have been removed, which is a recommended security baseline. The repository is mostly Shell for the helper scripts, with Terraform handling the infrastructure definitions. It requires Terraform 1.5.0 or later, the AWS provider 5.0 or later, AWS CLI v2, Bash, and Python 3, along with an AWS profile that has permission to create EventBridge, SNS, CloudTrail, S3, and IAM resources.
A Terraform module that automatically emails or texts your security team the moment someone signs into the AWS root account console.
Mainly Shell. The stack also includes Terraform, AWS EventBridge, AWS SNS.
No license information is provided in the README.
Setup difficulty is rated moderate, with roughly 30min to a first successful run.
Mainly ops devops.
This repo across BitVibe Labs
Verify against the repo before relying on details.