Let us look at best practices for monitoring, logging, and auditing in AWS:
- Log everything: AWS provides AWS CloudTrail that logs all API activities for your AWS account. Enable this service for all regions and create a trail to audit these activities whenever required. Take advantage of the AWS cloud-native logging capabilities for all AWS services. Collect, store, and process logs for infrastructure such as VPC flow logs, AWS services, and logs for your applications to ensure continuous monitoring and continuous compliance. Use CloudWatch Logs to process all log data, and S3 for storing it.
- Enable AWS CloudWatch: Ensure that you are using AWS CloudWatch to monitor all your resources in AWS including data, services, servers, applications, and other AWS native tools and features such as ELBs, auto scaling groups, and so on. Use metrics, dashboards, graphs, and alarms to create preventive solutions for security incidents.
- Continuous compliance: Use AWS Trusted Advisor to proactively check for issues related to security configuration of your AWS resources. Set up a pre-defined inventory for all your hardware and software resources including versions and configurations in the AWS service catalog to provide a guardrail for your users, helping them to choose only compliant resources for their workloads. Use AWS Config to notify the user in real time about changes in configuration from their pre-defined configuration of resources.
- Automate compliance and auditing: Use combinations of AWS CloudTrail, AWS SNS, AWS Lambda, AWS Config Rules, CloudWatch Logs, CloudWatch Alerts, Amazon Inspector, and so on to automate compliance and auditing for all resources and all workloads deployed in your AWS account.
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.