Ensure CloudWatch has an Alarm for Console Sign In Without MFA
Amazon CloudWatch is a monitoring and observability service that can give real time insight into all actions and metrics going on with-in your infrastructure. CloudWatch allows for the creation of alarms that can allow for actionable responses to events. Understanding when console access without MFA can alert you to a potential security incident and is why this is considered a security best practice. This can help with ensuring you are compliant with the CIS benchmark.