Study Guides/AWS Cybersecurity Notes/Logging and Monitoring: Difference between revisions
From Cramsession
Jump to navigationJump to search
✍️ Verified Author: Mflavell • Click to view professional profile & credentials
(Created page with "= Logging and Monitoring = The use of Cloud Watch is a important consideration - This can capture logs from AWS services and metrics to enable automation. Logging is of vital importance in diagnosis of security and performance issues in AWS. It is possible to capture all logs in an S3 bucket, however this comes with a condition: :The access logs for the logging S3 bucket cannot be stored inside itself. :You will therefore need a seperate bucket for storing your S3...") |
|||
| (2 intermediate revisions by the same user not shown) | |||
| Line 20: | Line 20: | ||
[Main Logging bucket] | [Main Logging bucket] | ||
| | | | ||
\|/ | |||
writes access logs to | writes access logs to | ||
| | | | ||
\|/ | |||
[S3 logging bucket] | [S3 logging bucket] | ||
=== Delays in S3 logging === | |||
Data is pushed to the S3 logging bucket on a "best effort" process. | |||
:: It can take a few hours to deliver s3 logs. | |||
:: S3 Logs will not be in realtime. | |||
::: AWS has a massive shared disk system - this is the reason behind the delay. | |||
== Enabling S3 access logs == | |||
This assumes you already have a bucket you want to log. | |||
* Create a bucket to log data to. | |||
Crearte a JSON file to define where to place logs: | |||
{ | |||
"LoggingEnabled": { | |||
"TargetBucket": "logging bucket", | |||
"TargetPrefix": "S3Logs/" | |||
} | |||
} | |||
Push the json file: | |||
aws s3api put-bucket-logging --bucket ''s3_bucket_to_log'' --bucket-logging-status file://s3logs.json | |||
Latest revision as of 00:38, 26 May 2026
Logging and Monitoring
The use of Cloud Watch is a important consideration - This can capture logs from AWS services and metrics to enable automation.
Logging is of vital importance in diagnosis of security and performance issues in AWS.
It is possible to capture all logs in an S3 bucket, however this comes with a condition:
- The access logs for the logging S3 bucket cannot be stored inside itself.
- You will therefore need a seperate bucket for storing your S3 logging access logs.
- Access logging for the S3 logging bucket is highly recommended - an attacker may target logging to inject bad data or delete records.
- Best practice is to create a access policy to ensure only the security team can read data from these buckets.
[Main Logging bucket]
|
\|/
writes access logs to
|
\|/
[S3 logging bucket]
Delays in S3 logging
Data is pushed to the S3 logging bucket on a "best effort" process.
- It can take a few hours to deliver s3 logs.
- S3 Logs will not be in realtime.
- AWS has a massive shared disk system - this is the reason behind the delay.
Enabling S3 access logs
This assumes you already have a bucket you want to log.
- Create a bucket to log data to.
Crearte a JSON file to define where to place logs:
{
"LoggingEnabled": {
"TargetBucket": "logging bucket",
"TargetPrefix": "S3Logs/"
}
}
Push the json file:
aws s3api put-bucket-logging --bucket s3_bucket_to_log --bucket-logging-status file://s3logs.json
