
Logging

Architecture

For an overview of how to design a state-of-the-art multi-account security logging platform in AWS:

References

Link / Notes
How to Enable Logging on Every AWS Service in Existence (Circa 2021)
  • Tries to be the definitive guide to answer the question "how do I enable logging?" for every supported AWS service
  • Companion Google Sheet
Logging in the Cloud: From Zero to (Incident Response) Hero
  • Annotated slides of a talk which tries to answer questions like "What Should I Be Logging?", "How Specifically Should I Configure it?", and "What Should I Be Monitoring?"
  • Especially interesting since it doesn't cover only AWS, but also GCP and Azure
What You Need to Know About AWS Security Monitoring, Logging, and Alerting
  • Lays out the different AWS security monitoring and logging sources, and how to select the most appropriate collection technique for each of them
Overview of AWS Logs
  • Lists the main AWS logging sources, each with a summary table, format, example, and a Grok pattern to parse the log and ingest it into a tool like the Elastic Stack (ELK)
How to defend against DNS exfiltration in AWS?
  • When and how Route 53 Resolver DNS Firewall and GuardDuty can help you block and detect suspicious traffic