Ensure a log metric filter and alarm exist for usage of 'root' account

Real-time monitoring of API calls can be achieved by directing CloudTrail Logs to CloudWatch Logs and establishing corresponding metric filters and alarms. It is recommended that a metric filter and alarm be established for root login attempts. Monitoring for root account logins will provide visibility into the use of a fully privileged account and an opportunity to reduce the use of it. Note: Government cloud accounts do not have a root user, and so, should exclude this rule in the CloudGuard UI -> Posture Management -> Exclusions -> Create New Exclusion (for each relevant ruleset)