Q
Get started Bring yourself up to speed with our introductory content.

AWS logs connect the configuration management dots

Configuration changes help developers build at a faster pace -- as long as those changes are wanted. How can we quickly diagnose and fix undesirable AWS configurations?

When an IT team applies AWS permissions that aren't strict enough, it allows the entire staff to make configuration...

changes. If one member makes a change that doesn't reflect the needs or desires of the business, administrators need to find it and quickly change it. But determining who made the change or when it occurred is difficult without AWS logs.

AWS Config is a configuration management service that integrates with AWS CloudTrail to log API calls in AWS. Amazon Simple Storage Service stores these logs in a bucket to inspect and evaluate later. AWS CloudTrail captures API calls to various native services, including AWS Config.

Administrators can correlate AWS Config history with AWS CloudTrail log entries to glean detailed information about configuration changes. They also can parse through AWS logs to find the origin of an API request, including when the request occurred, who made the request and how the requested change affects resources or services. Admins can use this information to produce detailed audits, easily troubleshoot problems and isolate inappropriate or malicious behavior within an AWS account.

AWS CloudTrail logs record a significant number of details in JSON format, which can be difficult to parse and read. It's beneficial to have experience with CloudTrail and log analysis, including regular reviews of AWS logs, to get the most out of this monitoring tool.

Next Steps

Use AWS Config to audit your resources

Compliance and AWS Config are a match

Customize metrics to get the most out of AWS logs

This was last published in May 2017

Dig Deeper on AWS compliance, governance, privacy and regulations

PRO+

Content

Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

2 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

What tools do you use to track and review AWS logs?
Cancel
I used to use AWS console, which is not very efficient for this purpose. I also tried to use Athena to analyze the logs. It works well for ELB logs, but for the purpose of security I am planning to use Lambda. I would love to heare  about experiences using Lambda for this purpose.
Cancel

-ADS BY GOOGLE

SearchCloudApplications

TheServerSide

SearchSoftwareQuality

SearchCloudComputing

Close