"(The attacker) proceeds to create temporary security credentials using the AWS (STS) Security Token Service. These credentials are valid for a period of time ranging from 15 mins to 36 hours based on the parameters used when requesting the tokens. In this example, the attacker uses 36 hours."<p>I don't use AWS often. Does AWS provide a way to receive notifications when AWS STS commands are run? Or do some admins setup syslogging to capture these events?