AWS Security Blog

New Whitepaper: Security at Scale: Logging in AWS

The newly released Security at Scale: Logging in AWS whitepaper is designed to illustrate how AWS CloudTrail can help you meet compliance and security requirements through the logging of API calls. The API call history can be used to track changes to resources, perform security analysis, operational troubleshooting and as an aid in meeting compliance requirements.

This whitepaper is primarily focused on the functionality of AWS CloudTrail and describes how to:

  • Control access to log files
  • Obtain alerts on log file creation and misconfiguration
  • Manage changes to AWS resources and log files
  • Manage storage of log files
  • Generate customized reporting of log data

The paper also relates these features to major compliance program requirements related to logging (e.g. ISO 27001:2005, PCI DSS v2.0, FedRAMP, etc.) and provides a robust compliance program index in the appendix for your reference.

You may leverage this whitepaper for a variety of use-cases such as managing security and operational best practices and tracking compliance with internal policies, industry standards, legal regulations, etc. You can visit the AWS CloudTrail website to learn more about AWS CloudTrail and enable logging on your AWS account. You can also visit the AWS Compliance website to access all our compliance content and information.


Chad Woolf

Chad joined Amazon in 2010 and built the AWS compliance functions from the ground up, including audit and certifications, privacy, contract compliance, control automation engineering and security process monitoring. Chad’s work also includes enabling public sector and regulated industry adoption of the AWS cloud, compliance with complex privacy regulations such as GDPR and operating a trade and product compliance team in conjunction with global region expansion. Prior to joining AWS, Chad spent 12 years with Ernst & Young as a Senior Manager working directly with Fortune 100 companies consulting on IT process, security, risk, and vendor management advisory work, as well as designing and deploying global security and assurance software solutions. Chad holds a Masters of Information Systems Management and a Bachelors of Accounting from Brigham Young University, Utah. Follow Chad on Twitter.