# Logging & Observability

## Goal

Collect and retain security logs.

## Core Services
| Service | Purpose |
|---|---|
| CloudTrail | API activity |
| CloudTrail Lake | Query audit events |
| CloudWatch Logs | Application logs |
| VPC Flow Logs | Network visibility |
| Route53 Resolver Logs | DNS visibility |
## Logging Architecture

Account → CloudTrail → Security Lake → Athena → Dashboard

## Know

### CloudTrail
- Organization trail
- Management events
- Data events
### CloudTrail Lake
- SQL queries
- Long retention
### CloudWatch Logs
- Metric filters
- Agents
### VPC Flow Logs

- Accept / Reject (per-flow `action` field)
### DNS Logs
- Domain activity
## Exam Trigger Words

- "who changed" → CloudTrail
- "query historical" → CloudTrail Lake
- "network visibility" → Flow Logs