CloudWatch and CloudWatch Metrics – SCS-C02 Study Guide

In the previous chapter, you looked at the different types of log files AWS can generate. This chapter will focus on the CloudWatch service. Amazon CloudWatch is the leading monitoring service used in AWS and collects data and metrics from all supported AWS services. It allows you to gain a better […]

CloudTrail Lake – Logging and Monitoring – SCS-C02 Study Guide

AWS CloudTrail Lake is a solution that helps you store and analyze AWS CloudTrail data at a much larger scale instead of dealing with a single trail at a time. It uses Amazon S3, Amazon Athena, and AWS Glue to create a data lake that can store CloudTrail logs for an extended period […]

Data Events for S3 Buckets – Logging and Monitoring – SCS-C02 Study Guide

When you created your new trail, you enabled the data events for S3 objects. These logs closely resemble the S3 access logs but are stored in the CloudTrail logging system rather than a specified S3 bucket (in the case of S3 access logs). One of the most obvious reasons to […]

Default Settings for CloudTrail – Logging and Monitoring – SCS-C02 Study Guide

Before diving deeper into the features and functionality of the CloudTrail service, you first need to understand its default settings. Knowing this can be helpful when deciphering questions and answers regarding the CloudTrail service on the Security Specialty Certification exam. Be sure that you understand the following base concepts for the […]

Types of CloudTrail Events – Logging and Monitoring – SCS-C02 Study Guide

As discussed previously, an event is captured every time a call to the AWS API is made. This could be from the AWS Management Console, the AWS CLI, or one of the AWS SDKs. There are several types of events in CloudTrail. As a security professional and someone looking to take […]

IAM Permissions for Publishing Logs to CloudWatch Logs – Logging and Monitoring – SCS-C02 Study Guide

There is a specific set of permissions that must be enabled for a user or service to send logs to the CloudWatch Logs service: If you have CloudWatch Logs being sent to a log group in CloudWatch Logs, you also need the logs:CreateLogDelivery permission. IAM Permissions for […]

AWS WAF Full Logs – Logging and Monitoring – SCS-C02 Study Guide

AWS WAF also allows you to get detailed logs for every request that comes through. Compared to the sampled web requests, which provide information about several requests, it includes every request that passes through the WAF and which rule or set of rules matches that particular request. With Full Logs enabled, […]

Load Balancer Access Log Files – Logging and Monitoring – SCS-C02 Study Guide

Even if a request never reaches the intended target, it is captured in an access log. This includes malformed requests and is especially helpful in the context of security since malformed requests can sometimes be attempts at things such as directory traversal attacks. A sample of what is contained in […]

VPC Traffic Mirroring – Logging and Monitoring – SCS-C02 Study Guide

VPC Traffic Mirroring, as the name implies, allows you to duplicate network traffic from ENIs attached to instances so that the duplicated traffic can then be sent to third-party tools and services for traffic analysis and inspection. When configured, the duplicated traffic is sent to a target; this could be a Network […]

Accessing VPC Flow Logs for Reading – Logging and Monitoring – SCS-C02 Study Guide

After you have enabled VPC Flow Logs, the next step is to figure out how you will access them to take advantage of the data that has been collected. You can access your logs via the AWS Management Console. Since the logs will be stored in S3, you can […]