Resources Referenced

How to implement & Enable Logging Across AWS Services (Part 1 of 2)

Transcript

Hello and welcome to the second part of this two-part series of courses which have been designed to help you understand how AWS performs logging for a number of key services and how to use this data captured by the logs to resolve instance and identify security threats. If you haven't already taken part one of the series, then you can use the link on the screen.

Before we start, I would like to introduce myself. My name is Stuart Scott. I'm one of the trainers here at Cloud Academy, specializing in AWS, Amazon Web Services. Feel free to connect with me with any questions using the detail shown on the screen. Alternatively, you can always get in touch with us here at Cloud Academy by sending an email to support@cloudacademy.com where one of our cloud experts will reply to your question. 

The focus of this two-part series is to understand the logging process and how to monitor this data to your organization's benefit from both an operational and security perspective. As a result, those who have the following or similar roles would benefit from this content: cloud security engineers, cloud security architects, cloud administrators, cloud support and operations, and compliance managers. 

As this is part two in the series, the content will continue the theme of logging across AWS services by explaining the following: CloudFront Logs. Here I'll look at how to log the requests from each user requesting access to your website and distribution. Next, I look at VPC Flow Logs. And this lecture focuses on how to log the network data, traversing your network interface cards within your VPC. Next, I focus on AWS Config Logging, and here I look at how AWS Config provides a timeline of changes against your AWS resources. And then lastly, I look at filtering and searching of log data. And within this lecture, I look at how to use Amazon Athena to query logs being stored on S3. 

For information, part one of this series dived into the following: the benefits of logging, and in this lecture I focused on the core principle of why logging is important. I also looked at CloudWatch Logs, and within that lecture I explained how to implement logging using CloudWatch Logs and the associated agent. I also touched on CloudTrail logging, and CloudTrail records all API calls so here I explained how you can use these logs and how they are constructed. I then looked at the monitoring of those CloudTrail Logs, and here I looked at how you can use CloudWatch to monitor CloudTrail events. And finally in part one, I looked at S3 Access Logs, where this lecture focuses on the logging capabilities of S3 buckets. 

The objectives of this series is to enable you to understand when and why you should enable logging of key services, how to configure logging to enhance incident resolution and security analysis, and you'll understand how to extract specific data from logging data sets. This is an advanced level course series, and so you should be familiar with the following services and understand the individual use cases and feature sets. Throughout this series, I will reference a number of URL links which will help and direct you to related information on specific topics. To make these links easily available to you, I have included them at the top of the transcript within the lecture the they are referenced. 

Feedback on our courses here at Cloud Academy are valuable to both us as trainers and any students looking to take the same course in the future. If you have any feedback, positive or negative, it would be greatly appreciated if you could contact support@cloudacademy.com.