We've already looked at many aspects of security, such as confidentiality, integrity, authentication, authorization, and availability. Accountability, the A in the CIA model, can be achieved through continuous monitoring, alerting, and regular auditing. Proper monitoring and alerting can also help in better availability through auto-remediation. In this chapter, we will look into Amazon CloudWatch, AWS CloudTrail, and AWS Config. CloudWatch is the primary service within AWS for application logging, monitoring, and alerting. CloudTrail can log the API calls within AWS. AWS Config can record and evaluate configurations. We will also learn about the Simple Notification Service (SNS), which will allow us to send notifications. 

In this chapter, we will cover the following recipes:

• Creating an SNS topic to send emails
• Working with CloudWatch alarms and metrics
• Creating a dashboard in CloudWatch
• Creating a CloudWatch log group
• Working with CloudWatch events
• Reading and filtering logs in CloudTrail
• Creating a trail in CloudTrail
• Using Athena to query CloudTrail logs in S3
• Cross-account CloudTrail logging
• Integrating CloudWatch and CloudTrail
• Setting up and using AWS Config