Logging for security analysis

As a design principle and best practice, log everything. If you also collect all your logs centrally, you can correlate various log records for more comprehensive threat analysis and mitigation. However, ensure that your logging mechanism is scalable and does not unduly impact the performance of your application. For example, you can use SQS with auto-scaling based on queue depth for the logging activity. You can also use products like Logstash and Kibana to help centralize log collection and visualization. Kibana dashboards are dynamic and support features such as drill-down and reporting. Finally, you can automate responses to certain events in your logs using AWS CloudWatch and SNS.
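The kind of cross-source correlation that central collection makes possible, as an added example that is not from the book: it flags a source IP whose repeated failed logins are followed by a success, then lists what that IP did in other log sources afterwards. The record fields (`ts`, `source`, `ip`, `event`), the event names, the threshold and the window are assumptions, and the log lines are constructed.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records as a central store might hold them (field names are assumptions).
SAMPLE_LOGS = """
{"ts": "2024-05-01T10:00:01+00:00", "source": "auth", "ip": "203.0.113.7", "event": "login_failed"}
{"ts": "2024-05-01T10:00:03+00:00", "source": "auth", "ip": "203.0.113.7", "event": "login_failed"}
{"ts": "2024-05-01T10:00:04+00:00", "source": "web", "ip": "198.51.100.20", "event": "GET /index"}
{"ts": "2024-05-01T10:00:06+00:00", "source": "auth", "ip": "203.0.113.7", "event": "login_failed"}
{"ts": "2024-05-01T10:00:09+00:00", "source": "auth", "ip": "203.0.113.7", "event": "login_success"}
{"ts": "2024-05-01T10:00:30+00:00", "source": "api", "ip": "203.0.113.7", "event": "export_users"}
{"ts": "2024-05-01T10:01:00+00:00", "source": "auth", "ip": "198.51.100.20", "event": "login_failed"}
{"ts": "2024-05-01T10:01:05+00:00", "source": "auth", "ip": "198.51.100.20", "event": "login_success"}
not-json line from a misbehaving shipper
"""

def parse(lines):
    """Yield (timestamp, record) pairs, skipping lines that are not valid records."""
    for line in lines.splitlines():
        try:
            rec = json.loads(line)
            yield datetime.fromisoformat(rec["ts"]), rec
        except (ValueError, KeyError, TypeError):
            continue  # malformed input must not stop the analysis

def correlate(lines, threshold=3, window=timedelta(minutes=5)):
    """Find IPs with >= threshold failed logins followed by a success inside
    the window, and report that IP's later activity in non-auth sources."""
    by_ip = defaultdict(list)
    for ts, rec in sorted(parse(lines), key=lambda p: p[0]):
        by_ip[rec.get("ip")].append((ts, rec))
    findings = []
    for ip, events in by_ip.items():
        fails = []
        for i, (ts, rec) in enumerate(events):
            if rec.get("source") != "auth":
                continue
            if rec.get("event") == "login_failed":
                fails.append(ts)
            elif rec.get("event") == "login_success":
                recent = [f for f in fails if ts - f <= window]
                if len(recent) >= threshold:
                    after = [f'{r.get("source")}:{r.get("event")}' for t, r in events[i + 1:]
                             if r.get("source") != "auth" and t - ts <= window]
                    findings.append({"ip": ip, "failed": len(recent), "followed_by": after})
                fails = []  # a success resets the failure streak
    return findings
```

A finding like this is the sort of event you would route to an automated response; none of the sources alone shows the full sequence.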
