CloudTrail and CloudWatch Integration

Enhance Your Logging Functions in AWS
To enhance event management and logging, recommendation 2.4 of the CIS AWS Foundations Benchmark states that CloudTrail logs need to be integrated with CloudWatch logs. Sending CloudTrail logs to CloudWatch Logs will support real-time and historic activity logging based on user, API, resource, and IP address, and provides opportunity to establish alarms and notifications for sensitive account activity.

Event management and logging in AWS is a very important part of your security posture. Ensuring that not only is CloudTrail enabled, but events are streamed to CloudWatch for monitoring is important. Organizations should configure metric alarms as well as making sure that all applicable trails are set up to stream events into CloudWatch.

Related Videos