How to Implement & Enable Logging Across AWS Services (Part 1 of 2)
1h 4m

This course is part 1 of a 2 part course series which focuses on a number of key AWS services and how they perform logging and monitoring across your environment. Being able to monitor data provides a number of key benefits to your organization, such as compliance, incident detection and resolution, trend analysis and much more! Collating data and statistics about your solutions running within AWS also provides the ability to optimize its performance. This series looks at how to implement, configure and deploy logging and monitoring mechanisms using the following AWS services and features

Part 1: 

  • Amazon CloudWatch - CloudWatch Monitoring Agent
  • AWS CloudTrail Logs
  • Monitoring CloudTrail Logs with CloudWatch Metric Filters
  • Amazon S3 Access Logs

Part 2:

  • Amazon CloudFront Access Logs
  • VPC Flow Logs
  • AWS Config Configuration History 
  • Filtering and searching data using Amazon Athena

The course for Part 2 can be found here

Learning Objectives

By the end of this course series you will be able to:

  • Understand why and when you should enable logging of key services
  • Configure logging to enhance incident resolution and security analysis
  • Understand how to extract specific data from logging data sets

Intended Audience

The content of this course is centered around security and compliance. As a result, this course is beneficial to those who are in the roles or their equivalent of:

  • Cloud Security Engineers
  • Cloud Security Architects
  • Cloud Administrators
  • Cloud Support & Operations
  • Compliance Managers


This is an advanced level course series and so you should be familiar with the following services and understand their individual use case and feature sets.

  • Amazon CloudWatch
  • AWS CloudTrail
  • Amazon EC2
  • CloudFront
  • Lambda
  • AWS Config
  • Amazon S3
  • IAM
  • EC2 Systems Manager (SSM)

This course includes

7 lectures

6 demonstrations


If you have thoughts or suggestions for this course, please contact Cloud Academy at


Hello and welcome to part one of this two part series of courses which has been designed to help you understand how AWS performs logging for a number of key services and how to use this data captured by the logs to resolve incidents and identify security threats. 

Before we start I would like to introduce myself. My name is Stuart Scott. I am one of the trainers here at Cloud Academy specializing in AWS Amazon Web Services. Feel free to connect with me with any questions using the details shown on screen. Alternatively you can always get in touch with us here at Cloud Academy by sending an email to where one of our cloud experts will reply to your question.

The focus of this two part series is to understand the login process and how to monitor this data to your organization's benefit from both an operational and security perspective. As a result those who have the following or similar roles would benefit from this content: Cloud Security Engineer, Cloud Security Architect, Cloud Administrators, Cloud Support and Operations and Compliance Managers. 

Part one of this series is constructed of the following lectures. The Benefits of Logging. This lecture focuses on the core principle of why logging is important. CloudWatch Logs. Here we'll look at how to implement logging using CloudWatch Logs and the associated agent. Next I'll look at CloudTrail Logging and CloudTrail records all API calls. So here I explain how you can use these logs and how they are constructed. Next we'll be monitoring CloudTrail Logs, and here I look at how you can use CloudWatch to monitor CloudTrail events, and then finally in this course we look at S3 Access Logs, and this lecture focuses on the logging capabilities within S3 buckets. 

Part two of this series will continue the theme of logging across AWS services by explaining the following. CloudFront Logs, and here we'll look at how to log the request from each user requesting access to your website and distribution. Next I look at VPC Flow Logs, and this lecture focuses on how to look at the network data traversing your network interface cards within your VPC. Next is AWS Config Logging, and here I'll look at how AWS Config provides a timeline of changes against your AWS resources. And finally in Part two, I look at Filtering and Searching of Log Data, and this lecture looks at how to use Amazon Athena to query logs being stored on S3. 

The objectives of this series is to enable you to understand why and when you should enable logging of key services, how to configure logging to enhance incident resolution and security analysis, and you'll understand how to extract specific data from logging data sets. 

This is an advanced level course series, and so you should be familiar with the following services and understand the individual use cases and feature sets. Throughout this series I will reference a number of URL links which will help and direct you to related information on specific topics. To makes these links easily available to you I've included them at the top of the transcript within the lecture they are referenced. 

Feedback on our courses here at Cloud Academy are valuable to both us as trainers and any students looking to take the same course in the future. If you have any feedback positive or negative, it would be greatly appreciated if you could contact 

That brings me to the end of this lecture. Coming up next I want to start off by looking at the different benefits that logging brings to your operational environment.

About the Author
Learning Paths

Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.

To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.

Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.

He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.

In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.

Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.