Why Choose an S3 Bucket over CloudWatch Logs? When enabling your VPC Flow Logs to capture the traffic, you have an immediate choice of where to store the logs. The industry that your organization is in, along with the types of compliance regulations you need to follow, should play a part in this decision. There […]
S3 Object-Level Logging S3 object-level logging integrates with AWS CloudTrail data events. AWS CloudTrail is a service that records and tracks all API requests that are made. These can be programmatic requests made using an SDK, using the AWS CLI, from within the AWS Management Console, or with another AWS service. When S3 object-level logging […]
Viewing the Access Logs S3 access logs can be downloaded from the AWS Management Console or the AWS CLI. S3 access logs are not written in real time; they are created in batches that take a few hours to appear in your S3 logging bucket. After a few hours, you can check your logging bucket […]
Technical Requirements Access to the AWS Management Console with an active account and the AWS CLI are required. You also need to have access to a terminal console and a text editor. S3 Access Logs Whenever you or your users store or access different objects in Amazon S3, you, as the security professional, may need […]
Anything that happens in your accounts from an infrastructure standpoint is captured in some type of log. To pass the security specialty exam and set up a secure AWS environment, it is necessary to grasp which logs contain what type of values. This section takes you through logging and monitoring in AWS and the invaluable […]
Further Reading For additional information on the AWS shared responsibility model and to gain a more comprehensive understanding of AWS security, refer to the following resources: Exam Readiness Drill – Chapter Review Questions Apart from a solid understanding of key concepts, being able to think quickly under time pressure is a skill that will help you […]
A Real-World Example of Using AWS Security Hub If, in your accounts, you have deployed a custom-built AMI and that has now been found to have a vulnerability, Security Hub insights can aggregate the information and then show you that the AMI itself has an issue. This contrasts with presenting you with a list of […]
Security Standards versus Security Controls versus Security Checks When enabling the Security Hub service, you were presented with several security standards that could be used to run checks against your environment. At the time of publishing, the security standards built into the Security Hub service are as follows: Security standards allow you to focus on […]
Enabling AWS Security Hub AWS Security Hub can be enabled from the AWS Management Console. However, because Security Hub needs to have the AWS Config service enabled (and prefers to have it fully enabled, watching all resources), you will complete the following steps via CloudFormation in this walk-through as well – all via the Management […]
Security Alerting with AWS Security Hub With so many security tools available in both AWS and from third-party providers, those who are responsible for managing the alerts need a single pane of glass to centralize all the alerts and notifications coming in. AWS Security Hub helps you consolidate many of your security findings, alerts, and […]