cancel
Showing results for 
Search instead for 
Did you mean: 

A Real-World Look at AWS Best Practices: Logging

jhwong
Moderator
Moderator

Check out our latest blog series on AWS Best Practices on Logging!

 

Although CloudTrail is a well-trodden subject for AWS Security, there were still a few interesting findings among a slice of our customer base:

 

  1. Enable VPC flow logs: 81% of VPCs do not have VPC flow logging enabled, which will hinder incident response and investigations.
  1. Encrypt CloudTrail logs at rest: 91% of CloudTrail logs are not encrypted at rest. Encryption at rest supports data compliance controls and is easy to do.
  1. Ensure S3 bucket access logging is enabled for CloudTrail buckets: 41% of CloudTrail buckets do not have server access logging enabled. Logging should be enabled for all CloudTrail S3 buckets.
  1. Ensure CloudTrail logs are integrated with CloudWatch or a SIEM: 54% of CloudTrails are not integrated with CloudWatch. These should be reviewed to ensure they are integrated with a production log search service or SIEM.

 

If your AWS accounts fall into these categories, let us know more about whether costs, security risk of assets, alternative controls/products, or other factors play into these controls from the CIS benchmark. 

 

Share your response in the comments below!