AWS Security Blog

New Whitepaper: Security at Scale: Logging in AWS

The newly released Security at Scale: Logging in AWS whitepaper is designed to illustrate how AWS CloudTrail can help you meet compliance and security requirements through the logging of API calls. You can use the API call history to track changes to resources, perform security analysis, troubleshoot operational issues, and help meet compliance requirements.

This whitepaper is primarily focused on the functionality of AWS CloudTrail and describes how to:

  • Control access to log files
  • Obtain alerts on log file creation and misconfiguration
  • Manage changes to AWS resources and log files
  • Manage storage of log files
  • Generate customized reporting of log data

The paper also maps these features to the logging requirements of major compliance programs (e.g., ISO 27001:2005, PCI DSS v2.0, and FedRAMP) and provides a robust compliance program index in the appendix for your reference.

You can use this whitepaper for a variety of use cases, such as managing security and operational best practices and tracking compliance with internal policies, industry standards, and legal regulations. You can visit the AWS CloudTrail website to learn more about AWS CloudTrail and enable logging on your AWS account. You can also visit the AWS Compliance website to access all our compliance content and information.

– Chad