Why did GuardDuty report the finding HIDDEN_DUE_TO_SECURITY_REASONS?

Last updated: 2020-01-31

Amazon GuardDuty findings or AWS CloudTrail logs display the user name as "HIDDEN_DUE_TO_SECURITY_REASONS".


Successful and failed sign-in attempts to the AWS Management Console are logged in CloudTrail logs. As a security best practice, AWS does not log the AWS Identity and Access Management (IAM) user name for sign-in failures that occur due to an incorrect user name. The user name text shows a GuardDuty finding or CloudTrail log entry as "HIDDEN_DUE_TO_SECURITY_REASONS", similar to the following sign-in failure event log example.

For more information, see Logging User Sign-in Events.

Did this article help you?

Anything we could improve?

Need more help?