AWS-Native Services

Logging Services

The primary security logging services in AWS are:

Types of logs

There are generally two broad categories of logging:

  • Control plane events
  • Service logs

Control plane events are events that happen at the management layer, meaning the layer responsible for managing and controlling cloud resources. This could be creating, modifying, or deleting a resource. For example, if someone modifies a security group's rules, that would be considered a control plane event.

Service logs, by contrast, are generated by individual services or applications and record what those services or applications do.

If you have AWS Lambda functions executing code and writing logs, those logs are service logs. If someone creates a new Lambda function, that is a control plane event.
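
The split described above, as an added example that is not part of the original page: it sorts a mixed stream of log lines into control plane events and service logs and pulls out the control plane changes. It assumes control plane events arrive as CloudTrail-format JSON records and service logs as Lambda runtime output; every sample line is constructed, and the data_event branch covers CloudTrail data events, which the page does not discuss.

```python
import json

# Constructed sample input (not real logs): CloudTrail-format records
# mixed with Lambda runtime output lines.
SAMPLE_LINES = [
    json.dumps({"eventSource": "ec2.amazonaws.com", "managementEvent": True,
                "eventName": "AuthorizeSecurityGroupIngress", "readOnly": False}),
    json.dumps({"eventSource": "lambda.amazonaws.com", "managementEvent": True,
                "eventName": "CreateFunction20150331", "readOnly": False}),
    json.dumps({"eventSource": "ec2.amazonaws.com", "managementEvent": True,
                "eventName": "DescribeSecurityGroups", "readOnly": True}),
    "START RequestId: 00000000-0000-0000-0000-000000000000 Version: $LATEST",
    json.dumps({"level": "INFO", "message": "order processed"}),  # structured app log
    "REPORT RequestId: 00000000-0000-0000-0000-000000000000\tDuration: 12.30 ms",
]


def classify(line):
    """Return (category, detail) for one raw log line."""
    try:
        rec = json.loads(line)
    except json.JSONDecodeError:
        rec = None
    # Assumption: a JSON object carrying eventSource and eventName is an API
    # activity record; anything else was written by a running workload.
    if not (isinstance(rec, dict) and "eventSource" in rec and "eventName" in rec):
        return "service_log", line
    detail = f'{rec["eventSource"]}:{rec["eventName"]}'
    if not rec.get("managementEvent", False):
        return "data_event", detail  # API call against a resource's contents
    if rec.get("readOnly", False):
        return "control_plane_read", detail
    return "control_plane_change", detail


def control_plane_changes(lines):
    """List the mutating management events, the ones worth reviewing first."""
    return [d for c, d in map(classify, lines) if c == "control_plane_change"]


if __name__ == "__main__":
    for raw in SAMPLE_LINES:
        print(classify(raw)[0].ljust(22), raw[:70])
```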

Log aggregators

The primary security logging aggregators in AWS are:


The primary security visualization services in AWS are: