This course is part 2 of a 2-part course series that focuses on a number of key AWS services and how they perform logging and monitoring across your environment. Being able to monitor data provides a number of key benefits to your organization, such as compliance, incident detection and resolution, trend analysis and much more. Collating data and statistics about your solutions running within AWS also provides the ability to optimize its performance. This series looks at how to implement, configure, and deploy logging and monitoring mechanisms using the following AWS services and features.
Part 2:
- Amazon CloudFront Access Logs
- VPC Flow Logs
- AWS Config Configuration History
- Filtering and searching data using Amazon Athena
Part 1:
- Amazon CloudWatch - CloudWatch Monitoring Agent
- AWS CloudTrail Logs
- Monitoring CloudTrail Logs with CloudWatch Metric Filters
- Amazon S3 Access Logs
The course for Part 1 can be found here
Learning Objectives
By the end of this course series you will be able to:
- Understand why and when you should enable logging of key services
- Configure logging to enhance incident resolution and security analysis
- Understand how to extract specific data from logging data sets
Intended Audience
The content of this course is centered around security and compliance. As a result, this course is beneficial to those who are in the roles or their equivalent of:
- Cloud Security Engineers
- Cloud Security Architects
- Cloud Administrators
- Cloud Support & Operations
- Compliance Managers
Prerequisites
This is an advanced level course series and so you should be familiar with the following services and understand their individual use case and feature sets.
- Amazon CloudWatch
- AWS CloudTrail
- Amazon EC2
- CloudFront
- Lambda
- AWS Config
- Amazon S3
- IAM
- EC2 Systems Manager (SSM)
This course includes
6 lectures
4 demonstrations
Feedback
If you have thoughts or suggestions for this course, please contact Cloud Academy at support@cloudacademy.com.
Resources Referenced
How to implement & Enable Logging Across AWS Services (Part 1 of 2)
Transcript
Hello and welcome to the second part of this two-part series of courses which have been designed to help you understand how AWS performs logging for a number of key services and how to use this data captured by the logs to resolve instance and identify security threats. If you haven't already taken part one of the series, then you can use the link on the screen.
Before we start, I would like to introduce myself. My name is Stuart Scott. I'm one of the trainers here at Cloud Academy, specializing in AWS, Amazon Web Services. Feel free to connect with me with any questions using the detail shown on the screen. Alternatively, you can always get in touch with us here at Cloud Academy by sending an email to support@cloudacademy.com where one of our cloud experts will reply to your question.
The focus of this two-part series is to understand the logging process and how to monitor this data to your organization's benefit from both an operational and security perspective. As a result, those who have the following or similar roles would benefit from this content: cloud security engineers, cloud security architects, cloud administrators, cloud support and operations, and compliance managers.
As this is part two in the series, the content will continue the theme of logging across AWS services by explaining the following: CloudFront Logs. Here I'll look at how to log the requests from each user requesting access to your website and distribution. Next, I look at VPC Flow Logs. And this lecture focuses on how to log the network data, traversing your network interface cards within your VPC. Next, I focus on AWS Config Logging, and here I look at how AWS Config provides a timeline of changes against your AWS resources. And then lastly, I look at filtering and searching of log data. And within this lecture, I look at how to use Amazon Athena to query logs being stored on S3.
For information, part one of this series dived into the following: the benefits of logging, and in this lecture I focused on the core principle of why logging is important. I also looked at CloudWatch Logs, and within that lecture I explained how to implement logging using CloudWatch Logs and the associated agent. I also touched on CloudTrail logging, and CloudTrail records all API calls so here I explained how you can use these logs and how they are constructed. I then looked at the monitoring of those CloudTrail Logs, and here I looked at how you can use CloudWatch to monitor CloudTrail events. And finally in part one, I looked at S3 Access Logs, where this lecture focuses on the logging capabilities of S3 buckets.
The objectives of this series is to enable you to understand when and why you should enable logging of key services, how to configure logging to enhance incident resolution and security analysis, and you'll understand how to extract specific data from logging data sets. This is an advanced level course series, and so you should be familiar with the following services and understand the individual use cases and feature sets. Throughout this series, I will reference a number of URL links which will help and direct you to related information on specific topics. To make these links easily available to you, I have included them at the top of the transcript within the lecture the they are referenced.
Feedback on our courses here at Cloud Academy are valuable to both us as trainers and any students looking to take the same course in the future. If you have any feedback, positive or negative, it would be greatly appreciated if you could contact support@cloudacademy.com.
Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.
To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.
Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.
He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.
In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.
Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.