Logging and Monitoring – SCS-C02 Study Guide

Anything that happens in your accounts from an infrastructure standpoint is captured in some type of log. To pass the security specialty exam and set up a secure AWS environment, you need to understand which logs contain which types of values. This section takes you through logging and monitoring in AWS and the invaluable insights and clarity these processes offer regarding your infrastructure and applications.

The section comprises the following chapters:

  • Chapter 7, Logs Generated by AWS Services
  • Chapter 8, CloudWatch and CloudWatch Metrics
  • Chapter 9, Parsing Logs and Events with AWS Native Tools

As your workloads run in AWS from day to day, they will generate different types of logs. These various types of logs are what you will learn about in Chapter 7. These logs range from networking logs generated by VPC flow logs and load balancers to access logs generated by the S3 service, along with CloudTrail, which records each API call. You will even learn about the different services that publish logs to the AWS native log service—CloudWatch Logs.

When it comes to logging and monitoring in AWS, it is crucial that organizations know how to take the values from the log files and build metrics and alerts, so they know both when everything is at a calm baseline and when they need to be more alert. This concept is addressed in Chapter 8. Utilizing the CloudWatch service, you can not only capture logs from other AWS services but also capture metrics and then use those metrics to power automation. This helps you act faster and with fewer errors than you could manually.

In Chapter 9, you will learn how to parse all the information that has been gathered from logs so that you can determine the relevant pieces using tools and services native to AWS. You will review some sample architectures that allow you to capture streaming events and to search the logs you have already stored for specific values.

Logging and monitoring are important aspects of security, and they will be discussed in detail in upcoming chapters.

Logs Generated by AWS Services

As you, your users, and your customers perform your day-to-day functions in AWS, you can capture and store those actions in various logging formats from the different services.

Configuring and enforcing logging across your services helps significantly when identifying potential issues, not just from a security perspective but also from a performance and availability perspective.

This chapter will cover the various types of logs the AWS services produce. You will also examine where they are stored and review their different formats. Knowing how to toggle these logs on and off and how to read the various log files is essential when you need to investigate a particular event or respond to a security incident.

The following main topics will be covered in this chapter:

  • S3 access logs
  • VPC Flow Logs and traffic monitoring
  • Enabling load balancer logs
  • Setting up CloudTrail
  • Services that publish to CloudWatch Logs