Build a multi-account access notification system with Amazon EventBridge
This article describes a serverless solution for notifying security teams when users access sensitive AWS accounts, using EventBridge, Lambda, DynamoDB, and SNS.
- Monitors console logins across multi-account AWS Organizations environments
- Sends notifications for root user access and specified IAM principals
- Uses DynamoDB configuration table with inclusion/exclusion rules by account, OU, or organization-wide
- Deploys via two CloudFormation stacks: CentralEventBus (audit account) and ManagementAccount (org management)
- Supports flexible rule matching with partial/complete principal matching logic
- Exclusion rules take priority over inclusion rules
- Compatible with AWS Control Tower and CloudTrail event integration
This solution enables organizations to implement security best practices by automating alerts on high-risk account access without custom development.
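The rule evaluation sketched in the list above, as an added example that is not the code from the AWS blog post: the rule fields, the "partial" (prefix) match semantics, and the OU path passed alongside the event are assumptions about how the DynamoDB configuration table is interpreted.

```python
# Added illustrative example, not the blog post's Lambda code. Rule layout, prefix
# matching for "partial" rules and the ou_path argument are assumptions.
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str      # "include" or "exclude"
    scope: str       # "organization", "ou" or "account"
    scope_id: str    # OU id or account id ("" for organization-wide)
    principal: str   # "root" or an IAM principal ARN (a prefix when match == "partial")
    match: str       # "complete" (exact) or "partial" (prefix)


def principal_from_event(event):
    """Reduce a CloudTrail ConsoleLogin record to the principal that signed in."""
    identity = event["detail"]["userIdentity"]
    return "root" if identity.get("type") == "Root" else identity["arn"]


def rule_applies(rule, account_id, ou_path, principal):
    """True when the rule's scope covers the account and its principal pattern matches."""
    if rule.scope == "organization":
        in_scope = True
    elif rule.scope == "ou":
        in_scope = rule.scope_id in ou_path
    elif rule.scope == "account":
        in_scope = rule.scope_id == account_id
    else:
        return False
    if not in_scope:
        return False
    if rule.match == "complete":
        return principal == rule.principal
    return principal.startswith(rule.principal)


def should_notify(rules, event, ou_path):
    """Exclusion wins: any matching exclude suppresses the alert, else notify on any include."""
    account_id = event["detail"]["recipientAccountId"]
    principal = principal_from_event(event)
    matched = [r for r in rules if rule_applies(r, account_id, ou_path, principal)]
    if any(r.action == "exclude" for r in matched):
        return False
    return any(r.action == "include" for r in matched)


# Constructed sample rules and event (placeholder account and OU ids, not real ones).
RULES = [
    Rule("include", "organization", "", "root", "complete"),
    Rule("include", "ou", "ou-prod-example", "arn:aws:iam::111111111111:role/Admin", "partial"),
    Rule("exclude", "account", "111111111111",
         "arn:aws:iam::111111111111:role/AdminBreakGlassTest", "complete"),
]
ROOT_LOGIN = {"detail": {"eventName": "ConsoleLogin", "recipientAccountId": "111111111111",
                         "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111111111111:root"}}}
```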