Logging

Architecture

For an overview of how to design a state of the art multi-account security logging platform in AWS:

• Marco Lancini Security Logging in Cloud Environments - AWS

References

Link	Notes
How to Enable Logging on Every AWS Service in Existence (Circa 2021)	Tries to be the definitive guide to answer the question "how do I enable logging?" for every supported AWS service Companion Google Sheet
Logging in the Cloud: From Zero to (Incident Response) Hero	Annotated slides of a talk which tries to answer questions like "What Should I Be Logging?", "How Specifically Should I Configure it?", and "What Should I Be Monitoring?" Especially interesting since it doesn't cover only AWS, but also GCP and Azure
What You Need to Know About AWS Security Monitoring, Logging, and Alerting	Lays out the different AWS security monitoring and logging sources, and how to select the most appropriate collection technique for each of them
Overview of AWS Logs	Lists main AWS logging sources with a summary table, format, example and a Grok regex to parse log and ingest into a tool like Elastic Stack (ELK)
How to defend against DNS exfiltration in AWS?	When and how Route 53 Resolver DNS Firewall and GuardDuty can help you block and detect suspicious traffic