SEC 10. How are you capturing and analyzing AWS logs?
Capturing logs is critical for investigating everything from performance to security incidents. The current best practice is for the logs to be periodically moved from the source either directly into a log processing system (e.g., Splunk, Papertrail, etc.) or stored in an Amazon S3 bucket for later processing based on business needs. Common sources of logs are AWS API and user-related logs (e.g., AWS CloudTrail), AWS service-specific logs (e.g., Amazon S3, Amazon CloudFront, etc.), Operating system-generated logs, and third-party application-specific logs.
Best practices:
ï‚· AWS CloudTrail.
ï‚· Elastic Load Balancing (ELB) logs.
ï‚· Amazon Virtual Private Cloud (VPC) filter logs.
ï‚· Amazon S3 bucket logs.
ï‚· Amazon CloudWatch logs.
ï‚· Other AWS service-specific log sources.
ï‚· Operating system or third-party application logs.
ï‚· AWS Marketplace solution is being used.