AWS-Native Services
Logging Services
The primary security logging services in AWS are:
Types of logs
There are generally two broad categories of logging:
- Control plane events
- Services logs
Control plane events are events that happen at the management layer, meaning the layer responsible for managing and controlling cloud resources. This includes creating, modifying, or deleting a resource. For example, if someone modifies a security group's rules, that is a control plane event.
Service logs, by contrast, are the more specific logs generated by individual services or applications while they run.
Example:
If you have AWS Lambda functions executing code and writing logs, those would be considered service logs. If someone goes in and creates a new Lambda function, then that would be a control plane event.
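The distinction above can be seen in the shape of the records themselves. The following is an added example (not part of the original page): it takes constructed sample data, three records in the AWS CloudTrail record format (CloudTrail is assumed here as the source of control plane events; the page's list of services does not name it) and three lines in the format a Lambda function writes to CloudWatch Logs, sorts them into the two categories, and then picks out the security group rule changes the text uses as its example. The account id, ARN, request ids and timestamps are made up.

```python
"""Classify AWS log records as control plane events or service logs.

Added example with constructed sample data; the records are not from any real
account. Assumptions: CloudTrail records carry control plane (management-layer)
API calls, and Lambda service logs arrive as plain text lines via CloudWatch Logs.
"""
from typing import Any, Dict, List, Tuple, Union

# Constructed CloudTrail-style records. Field names follow the CloudTrail
# record schema; every value is made up for this illustration.
SAMPLE_CLOUDTRAIL: List[Dict[str, Any]] = [
    {"eventTime": "2024-01-01T10:00:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress", "readOnly": False,
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"}},
    {"eventTime": "2024-01-01T10:02:00Z", "eventSource": "lambda.amazonaws.com",
     "eventName": "CreateFunction20150331", "readOnly": False,
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"}},
    {"eventTime": "2024-01-01T10:03:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeSecurityGroups", "readOnly": True,
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"}},
]

# Constructed Lambda log lines in the format the Lambda runtime writes to
# CloudWatch Logs (START / application log / REPORT).
SAMPLE_LAMBDA_LINES: List[str] = [
    "START RequestId: 3f2c1a00-0000-4000-8000-000000000001 Version: $LATEST",
    "2024-01-01T10:05:01.123Z 3f2c1a00-0000-4000-8000-000000000001 INFO processed order 42",
    "REPORT RequestId: 3f2c1a00-0000-4000-8000-000000000001 Duration: 12.34 ms Billed Duration: 13 ms",
]

# EC2 API actions that change security group rules. These are real action
# names; the set is an illustration, not an exhaustive list.
SG_RULE_CHANGE_EVENTS = {
    "AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress",
    "RevokeSecurityGroupIngress", "RevokeSecurityGroupEgress",
}

Record = Union[Dict[str, Any], str]


def classify(record: Record) -> str:
    """Return 'control-plane' for a CloudTrail record, 'service' for a log line."""
    if isinstance(record, dict) and "eventSource" in record and "eventName" in record:
        return "control-plane"
    if isinstance(record, str):
        return "service"
    raise ValueError("unrecognised record shape")


def is_mutating(record: Dict[str, Any]) -> bool:
    """True for create/modify/delete calls. CloudTrail marks read-only calls
    (Describe*, List*, Get*) with readOnly=True; those are still control plane
    events but do not change resources."""
    return not record.get("readOnly", False)


def flag_sg_rule_changes(records: List[Record]) -> List[Tuple[str, str, str]]:
    """Return (eventTime, actor ARN, eventName) for each security group rule change."""
    hits = []
    for r in records:
        if (classify(r) == "control-plane" and is_mutating(r)
                and r["eventName"] in SG_RULE_CHANGE_EVENTS):
            hits.append((r["eventTime"], r["userIdentity"]["arn"], r["eventName"]))
    return hits


def summarize(records: List[Record]) -> Dict[str, Any]:
    """Count records per category, and control plane events per originating service."""
    summary: Dict[str, Any] = {"control-plane": 0, "service": 0, "by_service": {}}
    for r in records:
        kind = classify(r)
        summary[kind] += 1
        if kind == "control-plane":
            svc = r["eventSource"]
            summary["by_service"][svc] = summary["by_service"].get(svc, 0) + 1
    return summary


if __name__ == "__main__":
    everything: List[Record] = SAMPLE_CLOUDTRAIL + SAMPLE_LAMBDA_LINES
    print(summarize(everything))
    for when, who, what in flag_sg_rule_changes(everything):
        print(f"{when} {who} changed security group rules via {what}")
```

Note that the Lambda CreateFunction call and the Lambda function's own output land in different places: the former is a control plane event (a CloudTrail record), the latter is service log output, which is exactly the split the text describes. The `readOnly` flag is what lets a reviewer separate resource changes from the far larger volume of Describe and List calls.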
Log aggregators
The primary security logging aggregators in AWS are:
Visualization
The primary security visualization services in AWS are:
- Amazon OpenSearch
- Amazon QuickSight
- Amazon Managed Grafana
- Amazon CloudWatch (offers custom dashboards)