
AWS CloudWatch Logs Best Practices


CloudWatch Logs allows you to monitor and troubleshoot your systems and applications using your existing custom log files. Your existing log files can be sent to CloudWatch Logs and monitored in near real time. CloudWatch Logs can be used to monitor and alert you on specific phrases, values or patterns that occur in your AWS account. For example, an alert could be set to notify you when the number of errors encountered in your account reaches 10.

Cloud Conformity checks the Amazon CloudWatch Logs service against the following rules:

Enable CloudWatch Alarm for AWS Config Changes
Ensure AWS Config configuration changes are being monitored using CloudWatch alarms.

Enable CloudWatch Alarms for AWS Organizations Changes
Ensure AWS Organizations changes are being monitored using AWS CloudWatch alarms.

App-Tier AWS CloudWatch Log Group
Ensure an AWS CloudWatch log group is created for the app tier.

App-Tier CloudWatch Log Group Retention Period
Ensure the CloudWatch log group for the app tier has a retention period.

Enable CloudWatch Alarms for AWS Authorization Failures
Ensure any unauthorized API calls made within your AWS account are being monitored using CloudWatch alarms.

Enable CloudWatch Alarm for AWS KMS customer master keys (CMKs) Changes
Ensure AWS CMK configuration changes are being monitored using CloudWatch alarms.

Enable CloudWatch Alarms for AWS CloudTrail Changes
Ensure all AWS CloudTrail configuration changes are being monitored using CloudWatch alarms.

Config Rule for EIPs Attached to EC2 Instances Within VPC
Ensure an AWS-managed Config rule for EIPs attached to EC2 instances within a VPC is created.

Enable CloudWatch Alarms for AWS Console Sign-in Failures
Ensure your AWS Console authentication process is being monitored using CloudWatch alarms.

Monitor for AWS Console Sign-In Requests Without MFA
Monitor for AWS Console Sign-In Requests Without MFA

Enable CloudWatch Alarm for AWS EC2 Instance Changes
Ensure AWS EC2 instance changes are being monitored using CloudWatch alarms.

Enable CloudWatch Alarm for AWS EC2 Large Instance Changes
Ensure AWS EC2 large instance changes are being monitored using CloudWatch alarms.

Enable CloudWatch Alarm for AWS IAM Policy Changes
Ensure AWS IAM policy configuration changes are being monitored using CloudWatch alarms.

Enable CloudWatch Alarm for AWS Customer/Internet Gateway Changes
Ensure AWS VPC Customer/Internet Gateway configuration changes are being monitored using CloudWatch alarms.

Enable CloudWatch Alarm for AWS Network ACL Changes
Ensure AWS Network ACL configuration changes are being monitored using CloudWatch alarms.

Enable CloudWatch Alarm for Root Account Usage
Ensure Root Account Usage is being monitored using CloudWatch alarms.

Enable CloudWatch Alarm for AWS Route Tables Changes
Ensure AWS Route Table configuration changes are being monitored using CloudWatch alarms.

Enable CloudWatch Alarm for AWS S3 Bucket Changes
Ensure AWS S3 bucket configuration changes are being monitored using CloudWatch alarms.

Enable CloudWatch Alarm for AWS Security Group Changes
Ensure AWS security group configuration changes are being monitored using CloudWatch alarms.

Enable CloudWatch Alarm for AWS VPC Changes
Ensure AWS VPC configuration changes are being monitored using CloudWatch alarms.

Create CloudWatch Alarm for VPC Flow Logs Metric Filter
Ensure that a CloudWatch alarm is created for the VPC Flow Logs metric filter and an alarm action is configured.

Metric Filter for VPC Flow Logs CloudWatch Log Group
Ensure that a log metric filter is created for the CloudWatch log group assigned to the VPC Flow Logs.

Web-Tier AWS CloudWatch Log Group
Ensure an AWS CloudWatch log group is created for the web tier.

Web-Tier CloudWatch Log Group Retention Period
Ensure the CloudWatch log group for the web tier has a retention period.