AWS Logging Services, Features, and Best Practices

AWS Logging: An Overview

A logging methodology gives you continuous visibility of your resources. It also helps you in designing an incident response strategy. A lot of logging services are available in AWS, but most of us are aware of only the few which are more popular. In this blog, we will explore all those logging services, features, and best practices to be followed for logging in to AWS. 

From where can you collect the logs, and what information do they capture?  

Below are some services and features available with other services to capture the logs. 

1. CloudWatch Logs- 

Capture logs from Amazon EC2 instances, AWS CloudTrail, AWS Lambda, and other AWS resources in real-time. 

2. CloudTrail- 

Captures all the API calls as events. 

3. VPC Flow Logs- 

Captures information for all the network traffic flowing in and out of an Elastic Network Interface inside a VPC. 

4. ALB Access Logs- 

Captures information about requests sent to your Application Load Balancer. 

5. API Access Logs- 

Captures information about requests sent to your API in the API Gateway. 

6. S3 Server Access Logs- 

Captures information regarding the requests made related to objects within the S3 bucket. 

7. WAF access logs- 

Captures information about requests coming to WAF (WebACL) 

8. CloudFront Access Logs-  

Captures information about viewer requests coming to CloudFront distribution.  

Where are these options available? 

1. CloudWatch Logs-  

Install CloudWatch agent in EC2, and create a Trail in CloudTrail, For Lambda (Select Lambda Function-> Configuration tab-> Monitoring and operations tools-> Log and Metrics) 

2. CloudTrail-  

CloudTrail -> Dashboard -> Create Trail 

3. VPC Flow Logs-  

VPC -> Select VPC -> below, click the ‘Flow Logs’ tab -> Create Flow Log 

4. ALB Access Logs-  

EC2 -> Load Balancers -> Click on ALB created -> Attributes tab -> Edit -> Monitoring -> Access Logs 

5. API Access Logs-  

API Gateway -> Select your API -> Stages -> Select the stage -> Logs/Tracing tab -> check to Enable Access Logging  

6. S3 Server Access Logs-  

S3 -> select bucket -> Properties tab -> Server Access Logging -> Enable 

7. WAF Access Logs- 

WAF -> WebACL -> select your WebACL -> Logging and Metrics tab -> Logging -> Enable 

8. CloudFront Access Logs-  

CloudFront -> Select your distribution -> General tab -> Settings -> Edit -> scroll down and select ‘Standard Logging’ -> on 

Logging - Best Practices 

Below are some best practices that you can follow for any type of logging. 

• Always store all your logs in a centralized, secure repository by provisioning a separate AWS account specially created for logs collection and storage. 
• Try to keep the logs for a long-term duration with the help of the S3 Glacier storage class, as you may require these logs for analysis and auditing purposes. 

• Try to capture all possible logs that you can, as you never know when you may require them in the future. 

Conclusion

Thus, we can conclude that if you want a detect any abnormal activities and respond to them with the help of a well-designed incident response strategy, then Logging will help you a lot. Also, logging will help you in analyzing a lot of things from your AWS environment to improve the performance and security posture of your workload running in AWS Cloud. 

About CloudThat