Ask the community

A Real-World Look at AWS Best Practices: Logging


Check out our latest blog series on AWS Best Practices on Logging!


Although CloudTrail is a well-trodden subject for AWS Security, there were still a few interesting findings among a slice of our customer base:


  1. Enable VPC flow logs: 81% of VPCs do not have VPC flow logging enabled, which will hinder incident response and investigations.
  1. Encrypt CloudTrail logs at rest: 91% of CloudTrail logs are not encrypted at rest. Encryption at rest supports data compliance controls and is easy to do.
  1. Ensure S3 bucket access logging is enabled for CloudTrail buckets: 41% of CloudTrail buckets do not have server access logging enabled. Logging should be enabled for all CloudTrail S3 buckets.
  1. Ensure CloudTrail logs are integrated with CloudWatch or a SIEM: 54% of CloudTrails are not integrated with CloudWatch. These should be reviewed to ensure they are integrated with a production log search service or SIEM.


If your AWS accounts fall into these categories, let us know more about whether costs, security risk of assets, alternative controls/products, or other factors play into these controls from the CIS benchmark. 


Share your response in the comments below!


In order to view this content, you will need to sign in to your account. Simply click the "Sign In" button below

Sign In