
AWS Logging Services, Features, and Best Practices


AWS Logging: An Overview

A logging methodology gives you continuous visibility into your resources and helps you design an incident response strategy. AWS offers many logging services, but most of us are aware of only the few popular ones. In this blog, we will explore these logging services and features, along with best practices to follow for logging in AWS.


From where can you collect the logs, and what information do they capture?  

Below are some dedicated logging services, and logging features built into other services, that you can use to capture logs.

1. CloudWatch Logs- 

Capture logs from Amazon EC2 instances, AWS CloudTrail, AWS Lambda, and other AWS resources in real-time. 

2. CloudTrail- 

Captures all the API calls as events. 

3. VPC Flow Logs- 

Captures information for all the network traffic flowing in and out of an Elastic Network Interface inside a VPC. 

4. ALB Access Logs- 

Captures information about requests sent to your Application Load Balancer. 

5. API Access Logs- 

Captures information about requests sent to your API in the API Gateway. 

6. S3 Server Access Logs- 

Captures information regarding the requests made related to objects within the S3 bucket. 

7. WAF Access Logs- 

Captures information about requests coming to WAF (WebACL). 

8. CloudFront Access Logs-  

Captures information about viewer requests coming to CloudFront distribution.  

Where are these options available? 

1. CloudWatch Logs-  

Install the CloudWatch agent on your EC2 instances, and create a trail in CloudTrail. For Lambda: select the Lambda function -> Configuration tab -> Monitoring and operations tools -> Log and Metrics 

2. CloudTrail-  

CloudTrail -> Dashboard -> Create Trail 

3. VPC Flow Logs-  

VPC -> Select VPC -> below, click the ‘Flow Logs’ tab -> Create Flow Log 

4. ALB Access Logs-  

EC2 -> Load Balancers -> Click on ALB created -> Attributes tab -> Edit -> Monitoring -> Access Logs 

5. API Access Logs-  

API Gateway -> Select your API -> Stages -> Select the stage -> Logs/Tracing tab -> check to Enable Access Logging  

6. S3 Server Access Logs-  

S3 -> select bucket -> Properties tab -> Server Access Logging -> Enable 

7. WAF Access Logs- 

WAF -> WebACL -> select your WebACL -> Logging and Metrics tab -> Logging -> Enable 

8. CloudFront Access Logs-  

CloudFront -> Select your distribution -> General tab -> Settings -> Edit -> scroll down and select ‘Standard Logging’ -> on 
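The console paths above each flip a setting that is also visible through the corresponding read-only API call, so coverage can be checked without clicking through every resource. The following is an added example, not code from the original article: it audits saved responses from those API calls and lists the resources whose logging is off. The inventory layout and every resource name and ID in it are constructed for illustration.

```python
# Added example: offline audit of logging settings from saved AWS API responses.
# Every resource name and ID in SAMPLE is constructed for illustration.

def alb_logs_on(resp):         # elbv2 describe-load-balancer-attributes
    attrs = {a["Key"]: a["Value"] for a in resp.get("Attributes", [])}
    return attrs.get("access_logs.s3.enabled") == "true"

def s3_logs_on(resp):          # s3api get-bucket-logging ({} when disabled)
    return bool(resp.get("LoggingEnabled", {}).get("TargetBucket"))

def trail_on(resp):            # cloudtrail get-trail-status
    return resp.get("IsLogging") is True

def cloudfront_logs_on(resp):  # cloudfront get-distribution-config
    return resp.get("DistributionConfig", {}).get("Logging", {}).get("Enabled") is True

def api_stage_logs_on(resp):   # apigateway get-stage
    return bool(resp.get("accessLogSettings", {}).get("destinationArn"))

def vpcs_without_flow_logs(vpc_ids, resp):  # ec2 describe-flow-logs
    # Only VPC-level flow logs are counted; subnet/ENI-level ones are ignored.
    active = {f["ResourceId"] for f in resp.get("FlowLogs", [])
              if f.get("FlowLogStatus") == "ACTIVE"}
    return sorted(set(vpc_ids) - active)

CHECKS = {"alb": alb_logs_on, "s3": s3_logs_on, "trail": trail_on,
          "cloudfront": cloudfront_logs_on, "api_stage": api_stage_logs_on}

def audit(inventory):
    """Return sorted 'kind:name' strings for resources with logging off."""
    gaps = [f"{kind}:{name}"
            for kind, check in CHECKS.items()
            for name, resp in inventory.get(kind, {}).items()
            if not check(resp)]
    gaps += [f"vpc:{v}" for v in vpcs_without_flow_logs(
        inventory.get("vpc_ids", []), inventory.get("flow_logs", {}))]
    return sorted(gaps)

SAMPLE = {
    "alb": {"web-alb": {"Attributes": [
        {"Key": "access_logs.s3.enabled", "Value": "false"}]}},
    "s3": {"app-data": {"LoggingEnabled": {"TargetBucket": "central-logs",
                                            "TargetPrefix": "s3/app-data/"}},
           "uploads": {}},
    "trail": {"org-trail": {"IsLogging": True}},
    "cloudfront": {"EXAMPLEDIST": {"DistributionConfig": {
        "Logging": {"Enabled": False, "Bucket": "", "Prefix": ""}}}},
    "api_stage": {"orders/prod": {"stageName": "prod", "accessLogSettings": {
        "destinationArn": "arn:aws:logs:us-east-1:111111111111:log-group:api-access"}}},
    "vpc_ids": ["vpc-aaaa1111", "vpc-bbbb2222"],
    "flow_logs": {"FlowLogs": [{"ResourceId": "vpc-aaaa1111",
                                "FlowLogStatus": "ACTIVE", "TrafficType": "ALL"}]},
}

if __name__ == "__main__":
    print(audit(SAMPLE))
```
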

Logging - Best Practices 

Below are some best practices that you can follow for any type of logging. 

  • Always store all your logs in a centralized, secure repository by provisioning a separate AWS account created specifically for log collection and storage. 
  • Try to keep the logs for a long-term duration with the help of the S3 Glacier storage class, as you may require these logs for analysis and auditing purposes. 
  • Try to capture all possible logs that you can, as you never know when you may require them in the future. 
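One way to express the first two practices as configuration, shown as an added example that is not from the original article: a bucket policy for the bucket in the dedicated log account that lets CloudTrail in each source account deliver logs, and a lifecycle rule that moves them to the S3 Glacier storage class. The bucket name, account IDs and the 90-day threshold are assumptions chosen for illustration.

```python
import json
import re

# Added example. Bucket name, account IDs and the 90-day threshold are
# constructed placeholders, not values from the original article.

def archive_bucket_policy(bucket, source_accounts):
    """Bucket policy for the log-archive account: CloudTrail may deliver
    under each source account's prefix; non-TLS requests are denied."""
    for acct in source_accounts:
        if not re.fullmatch(r"\d{12}", acct):
            raise ValueError(f"not a 12-digit account ID: {acct!r}")
    arn = f"arn:aws:s3:::{bucket}"
    cloudtrail = {"Service": "cloudtrail.amazonaws.com"}
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "AWSCloudTrailAclCheck", "Effect": "Allow",
         "Principal": cloudtrail, "Action": "s3:GetBucketAcl", "Resource": arn},
        {"Sid": "AWSCloudTrailWrite", "Effect": "Allow",
         "Principal": cloudtrail, "Action": "s3:PutObject",
         "Resource": [f"{arn}/AWSLogs/{a}/*" for a in sorted(source_accounts)],
         "Condition": {"StringEquals":
                       {"s3:x-amz-acl": "bucket-owner-full-control"}}},
        {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
         "Action": "s3:*", "Resource": [arn, f"{arn}/*"],
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    ]}

def glacier_lifecycle(prefix="AWSLogs/", days=90):
    """Body for s3api put-bucket-lifecycle-configuration: move log objects
    under `prefix` to the S3 Glacier storage class after `days` days.
    This helper requires days >= 1."""
    if days < 1:
        raise ValueError("days must be a positive integer")
    return {"Rules": [{
        "ID": f"archive-{prefix.strip('/') or 'all'}-to-glacier",
        "Status": "Enabled",
        "Filter": {"Prefix": prefix},
        "Transitions": [{"Days": days, "StorageClass": "GLACIER"}],
    }]}

if __name__ == "__main__":
    accounts = ["111111111111", "222222222222"]   # constructed IDs
    print(json.dumps(archive_bucket_policy("example-log-archive", accounts), indent=2))
    print(json.dumps(glacier_lifecycle(), indent=2))
```
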

Conclusion

Thus, we can conclude that if you want to detect any abnormal activities and respond to them with a well-designed incident response strategy, logging will help you a lot. Logging also helps you analyze your AWS environment to improve the performance and security posture of your workloads running in the AWS Cloud. 



FAQs

1. What is Logging?

ANS: – To understand what is happening in your environment and respond with some action in case of some abnormal activity or incident, you can use logging. It also helps you to analyze the findings and get insights. 

2. Are these logging services free or chargeable?

ANS: – Some are free, and some are chargeable. Also, you must consider the expenses for storing the logs. 

WRITTEN BY Abhijit Dilip Powar


Comments

  1. Anush G R

    Jan 28, 2023


    Good One Abhijit
