Module 7 - Security
Engineering on AWS: Monitoring and Collecting Logs on AWS
Unit notes:
What is Amazon CloudWatch? https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/WhatIsCloudWatch.html
Logging IP traffic using VPC Flow Logs https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html
What Is AWS Config? https://docs.aws.amazon.com/config/latest/developerguide/WhatIsConfig.html
Amazon Kinesis Documentation https://docs.aws.amazon.com/kinesis/index.html
Use indicators of compromise (IOCs) https://docs.aws.amazon.com/whitepapers/latest/aws-security-incident-response-guide/use-indicators-of-compromise.html
Amazon Detective https://aws.amazon.com/detective/
Amazon Detective Documentation https://docs.aws.amazon.com/detective/latest/adminguide/what-is-detective.html
API Activity Baseline https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-insights-events-with-cloudtrail.html
AWS Config https://aws.amazon.com/config/
AWS Config Documentation https://docs.aws.amazon.com/config/latest/developerguide/WhatIsConfig.html
Multi-Account Multi-Region Data Aggregation https://docs.aws.amazon.com/config/latest/developerguide/aggregate-data.html
Supported Resource Types http://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html
Indirect Relationships in AWS Config https://docs.aws.amazon.com/config/latest/developerguide/faq.html
Example Relationship Queries https://docs.aws.amazon.com/config/latest/developerguide/examplerelationshipqueries.html
AWS Config Managed Rules http://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html
AWS Config Custom Rules https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules.html
Conformance Packs https://docs.aws.amazon.com/config/latest/developerguide/conformance-packs.html
Conformance Pack Sample Templates https://docs.aws.amazon.com/config/latest/developerguide/conformancepack-sample-templates.html
Logging best practices https://docs.aws.amazon.com/prescriptive-guidance/latest/logging-monitoring-for-application-owners/logging-best-practices.html
Operational Best Practices for Logging https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-logging.html
Designing and implementing logging and monitoring with Amazon CloudWatch https://docs.aws.amazon.com/prescriptive-guidance/latest/implementing-logging-monitoring-cloudwatch/welcome.html
What is Amazon CloudWatch Logs? https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/WhatIsCloudWatchLogs.html
Working with log groups and log streams https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/Working-with-log-groups-and-streams.html
Publish flow logs to CloudWatch Logs https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs-cwl.html
Access logs for your Application Load Balancer https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html
Access logs for your Network Load Balancer https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-access-logs.html
Logging options for Amazon S3 https://docs.aws.amazon.com/AmazonS3/latest/userguide/logging-with-S3.html
Logging requests using server access logging https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerLogs.html
Amazon S3 server access log format https://docs.aws.amazon.com/AmazonS3/latest/dev/LogFormat.html
AWS CloudTrail https://aws.amazon.com/cloudtrail/
What Is AWS CloudTrail? https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-user-guide.html
Security best practices in AWS CloudTrail https://docs.aws.amazon.com/awscloudtrail/latest/userguide/best-practices-security.html
AWS CloudTrail Best Practices Blog https://aws.amazon.com/blogs/mt/aws-cloudtrail-best-practices/
Using Amazon CloudWatch alarms https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/AlarmThatSendsEmail.html
What is Amazon CloudWatch Events? https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/WhatIsCloudWatchEvents.html
Sending Events to Amazon CloudWatch Events https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/cloudwatch-examples-sending-events.html
How to Receive Notifications When Your AWS Account’s Root Access Keys are Used https://aws.amazon.com/blogs/security/how-to-receive-notifications-when-your-aws-accounts-root-access-keys-are-used/
Instance metrics https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/viewing_metrics_with_cloudwatch.html#ec2-cloudwatch-metrics
Creating a composite alarm https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Create_Composite_Alarm.html
Using CloudWatch anomaly detection https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Anomaly_Detection.html
Amazon Kinesis https://aws.amazon.com/kinesis/
Amazon Kinesis Data Streams https://aws.amazon.com/kinesis/data-streams/
What Is Amazon Kinesis Data Streams? https://docs.aws.amazon.com/streams/latest/dev/introduction.html
Amazon Kinesis Data Firehose https://aws.amazon.com/kinesis/data-firehose/
What Is Amazon Kinesis Data Firehose? https://docs.aws.amazon.com/firehose/latest/dev/what-is-this-service.html
Amazon Kinesis Data Analytics https://aws.amazon.com/kinesis/data-analytics/
What Is Amazon Kinesis Data Analytics for SQL Applications? https://docs.aws.amazon.com/kinesisanalytics/latest/dev/what-is.html
Amazon Security Lake https://aws.amazon.com/security-lake/
What is Amazon Security Lake? https://docs.aws.amazon.com/security-lake/latest/userguide/what-is-security-lake.html
What is Amazon Athena? https://docs.aws.amazon.com/athena/latest/ug/supported-format.html
Analyzing Data in S3 using Amazon Athena https://aws.amazon.com/blogs/big-data/analyzing-data-in-s3-using-amazon-athena
Athena Encryption at rest https://docs.aws.amazon.com/athena/latest/ug/encryption.html
Query flow logs using Amazon Athena https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs-athena.html
OpenSearch Documentation https://opensearch.org/docs/latest
Build a Log Analytics Solution on AWS https://d1.awsstatic.com/Projects/P4113850/aws-projects_build-log-analytics-solution-on-aws.pdf
Centralized Logging on AWS https://aws.amazon.com/solutions/implementations/centralized-logging/
Adding custom CloudWatch Logs https://docs.aws.amazon.com/solutions/latest/centralized-logging/adding-custom-cloudwatch-logs.html
What is Traffic Mirroring? https://docs.aws.amazon.com/vpc/latest/mirroring/what-is-traffic-mirroring.html
Traffic mirror filters https://docs.aws.amazon.com/vpc/latest/mirroring/traffic-mirroring-filter.html
VPC TrafficMirroring Source Automation Application https://github.com/aws-samples/aws-vpc-traffic-mirroring-source-automation
Trainings:
Automatically Detect and Mitigate Account Compromise Issues https://explore.skillbuilder.aws/learn/course/internal/view/elearning/13654/automatically-detect-and-mitigate-account-compromise-issues
AWS Security Best Practices: Monitoring and Alerting https://explore.skillbuilder.aws/learn/course/internal/view/elearning/11264/aws-security-best-practices-monitoring-and-alerting
AWS Observability https://explore.skillbuilder.aws/learn/course/internal/view/elearning/14688/aws-observability
Amazon EC2 Observability, Monitoring, and Troubleshooting https://explore.skillbuilder.aws/learn/course/internal/view/elearning/15115/amazon-ec2-observability-monitoring-and-troubleshooting
AWS Free Tier: Introduction to Monitoring Services https://explore.skillbuilder.aws/learn/course/internal/view/elearning/15010/aws-free-tier-introduction-to-monitoring-services
Security Monitoring https://explore.skillbuilder.aws/learn/course/internal/view/elearning/13814/security-monitoring
Getting Started with Amazon Detective https://explore.skillbuilder.aws/learn/course/internal/view/elearning/14077/getting-started-with-amazon-detective
Security Governance at Scale – Technical (Digital) https://explore.skillbuilder.aws/learn/course/internal/view/elearning/11173/security-governance-at-scale-technical-digital
AWS Managed Services (AMS): Security Management Overview https://explore.skillbuilder.aws/learn/course/internal/view/elearning/363/aws-managed-services-ams-security-management-overview
Getting Started with AWS Security, Identity, and Compliance https://explore.skillbuilder.aws/learn/course/internal/view/elearning/101/getting-started-with-aws-security-identity-and-compliance
AWS Security Fundamentals (Second Edition) https://explore.skillbuilder.aws/learn/course/internal/view/elearning/48/aws-security-fundamentals-second-edition
Getting Started with AWS Config https://explore.skillbuilder.aws/learn/course/internal/view/elearning/12609/getting-started-with-aws-config
AWS Managed Services (AMS): Logging and Monitoring https://explore.skillbuilder.aws/learn/course/internal/view/elearning/342/aws-managed-services-ams-logging-and-monitoring
Introduction to Amazon CloudWatch https://explore.skillbuilder.aws/learn/course/internal/view/elearning/203/introduction-to-amazon-cloudwatch
Introduction to Amazon CloudWatch Logs Insights https://explore.skillbuilder.aws/learn/course/internal/view/elearning/265/introduction-to-amazon-cloudwatch-logs-insights
Collecting and Analyzing Logs with Amazon CloudWatch Logs Insights https://explore.skillbuilder.aws/learn/course/internal/view/elearning/1122/collecting-and-analyzing-logs-with-amazon-cloudwatch-logs-insights
Build, Secure, and Monitor Networks on AWS https://explore.skillbuilder.aws/learn/course/internal/view/elearning/15414/build-secure-and-monitor-networks-on-aws
Controlling the Network https://explore.skillbuilder.aws/learn/course/internal/view/elearning/13606/controlling-the-network
Troubleshooting: Amazon CloudWatch https://explore.skillbuilder.aws/learn/course/internal/view/elearning/13812/troubleshooting-amazon-cloudwatch
Getting Started with Application Load Balancer https://explore.skillbuilder.aws/learn/course/internal/view/elearning/14631/getting-started-with-application-load-balancer
Getting Started with Network Load Balancer https://explore.skillbuilder.aws/learn/course/internal/view/elearning/12808/getting-started-with-network-load-balancer-nlb
Getting Started with Gateway Load Balancer https://explore.skillbuilder.aws/learn/course/internal/view/elearning/14408/getting-started-with-gateway-load-balancer
Access logs for your Application Load Balancer https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html
Getting Started with AWS CloudTrail https://explore.skillbuilder.aws/learn/course/internal/view/elearning/193/getting-started-with-aws-cloudtrail
Introduction to Amazon Kinesis Streams https://explore.skillbuilder.aws/learn/course/internal/view/elearning/157/introduction-to-amazon-kinesis-streams
Data Analytics Fundamentals https://explore.skillbuilder.aws/learn/course/internal/view/elearning/44/data-analytics-fundamentals
Introduction to Amazon Kinesis Analytics https://explore.skillbuilder.aws/learn/course/internal/view/elearning/131/introduction-to-amazon-kinesis-analytics
Introduction to Amazon Athena https://explore.skillbuilder.aws/learn/course/internal/view/elearning/152/introduction-to-amazon-athena
AWS Network – Monitoring and Troubleshooting https://explore.skillbuilder.aws/learn/course/internal/view/elearning/8187/aws-network-monitoring-and-troubleshooting
Videos:
Monitoring AWS CloudTrail Log Data in Amazon CloudWatch https://www.youtube.com/watch?v=6b_ENVFgCpA
Monitoring and troubleshooting network traffic https://www.youtube.com/watch?v=Ed09ReWRQXc
Analyze Log Data with CloudWatch Logs Insights https://www.youtube.com/watch?v=2s2xcwm8QrM
Enforce Compliance with AWS Config https://www.youtube.com/watch?v=X_fznJtSyV8
Get More Out of AWS Config by Using Multi-Account, Multi-Region Advanced Queries https://www.youtube.com/watch?v=By7GAhp2OyI
Manage Configuration Compliance at Scale Using AWS Config Conformance Packs https://www.youtube.com/watch?v=YCUNNQuGZfg
Remediate Non-Compliance Using AWS Config Rules and a Custom SSM Document https://www.youtube.com/watch?v=CyyNlyAHs0A4
Deploy AWS Config Conformance Packs Using CloudFormation https://www.youtube.com/watch?v=baA5eN5zyrg
Send VPC Flow Log Data to Splunk Using Amazon Kinesis Data Firehose https://www.youtube.com/watch?v=idizFTiOqUE
Demo: Amazon Kinesis Data Firehose to Amazon OpenSearch Service https://www.youtube.com/watch?v=7a3_zhI1jvY
AWS re:Invent 2020: Top 5 best practices for data streaming with Amazon Kinesis https://www.youtube.com/watch?v=UE34CWAhT3o
Cookpad: Security Architecture to Monitor and Analyze Secure Logs using AWS https://www.youtube.com/watch?v=qN5-v4NlKac
Security Automation using AWS Management Tools https://www.youtube.com/watch?v=8Gpa9rKBpV4
Essential Security Patterns https://www.youtube.com/watch?v=ScwoR73yr_c
Amazon Detective Overview and Demonstration https://www.youtube.com/watch?v=fmm4PXhg8BY
Amazon Detective Security Scenario Investigation Walk Through https://www.youtube.com/watch?v=Rz8MvzPfTZA
Back to Basics: Using AWS Config and Conformance Packs to Optimize Your AWS Resources https://www.youtube.com/watch?v=dndoIEyBhJw
Simplify Custom Rule Creation Using the AWS Config Rule Development Kit https://www.youtube.com/watch?v=7Iao8SR9Czg
AWS Config Conformance Packs Provide Scores To Help You Track Resource Compliance https://www.youtube.com/watch?v=0OerXUxVG08
AWS Supports You - Monitoring and Remediating Non-Compliant Resources with AWS Config https://www.youtube.com/watch?v=JXwEMipnY-o
Collect Metrics and Logs from Amazon EC2 instances with the CloudWatch Agent https://www.youtube.com/watch?v=vAnIhIwE5hY
Learn How to Use VPC Flow Logs and Other AWS Tools https://www.youtube.com/watch?v=sThQD7wjpgA
How do I analyze my Amazon S3 server access logs using Amazon Athena? https://www.youtube.com/watch?v=-GgtkyqDCN4
Monitor AWS CloudTrail Log Data in Amazon CloudWatch https://www.youtube.com/watch?v=6b_ENVFgCpA
Remediate Non-Compliance Using AWS Config Rules, AWS CloudWatch Events, & AWS Lambda Functions https://www.youtube.com/watch?v=PD9S5xGC16g
Monitor Resource Changes with Amazon CloudWatch Events https://www.youtube.com/watch?v=-rQku_AeN_Y
Continuously Analyze Metrics Using Amazon CloudWatch Anomaly Detection https://www.youtube.com/watch?v=IpQYBuay5OE
Introduction to Kinesis Data Firehose https://www.youtube.com/watch?v=qRoyF9dEqgw
Getting Started with Kinesis Data Streams https://www.youtube.com/watch?v=1I1DcJvmd4w
How to get started and manage Amazon Security Lake with AWS Organizations https://www.youtube.com/watch?v=fKGhscpwN-k
Amazon Security Lake with Amazon Athena and Amazon QuickSight https://www.youtube.com/watch?v=M0GviMezp3w
Data Preparation using Amazon Athena https://www.youtube.com/watch?v=Dmw7HOOmiJQ
Demo: Searching with Amazon OpenSearch Serverless https://www.youtube.com/watch?v=_ZHLirviD38
Demo: Improve search results with Amazon OpenSearch Service https://www.youtube.com/watch?v=i7xY73cAo4g
Solving with AWS Solutions: Centralized Logging https://www.youtube.com/watch?v=FBRE_yxzAyY