By using AWS re:Post, you agree to the Terms of Use

Does AWS do internal logging for user access information for AWS services?

0

Does AWS do internal logging for user access information to AWS services if customer disabled logging for the services used explicitly? Major services in questions - Route53, WAF, Cloudfront, S3

Thanks,

2 Answers
1

All of these services are integrated with AWS CloudTrail, a service that provides a record of actions taken by a user, role, or an AWS service . CloudTrail captures a subset of API calls for particular service or actions as events, including calls from the console and code calls to the APIs. There is also a good blog which shows how to notify on changes to CloudTrail and re-enable logging whenever logging is disabled.

References :

  1. Logging Amazon S3 API calls using AWS CloudTrail - https://docs.aws.amazon.com/AmazonS3/latest/userguide/cloudtrail-logging.html
  2. Logging and monitoring in Amazon Route 53 - https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/logging-monitoring.html
  3. Logging API calls with AWS CloudTrail - https://docs.aws.amazon.com/waf/latest/developerguide/logging-using-cloudtrail.html
  4. Using AWS CloudTrail to capture requests sent to the CloudFront API - https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/logging_using_cloudtrail.html
  5. Monitor Changes and Auto-Enable Logging in AWS CloudTrail - https://aws.amazon.com/blogs/mt/monitor-changes-and-auto-enable-logging-in-aws-cloudtrail/
profile picture
answered 17 days ago
  • Thanks for your suggest but let me rephrase my intent - I want to run a website on AWS with highest privacy. I configured the services not to do the access logging. And I want to know if AWS log the user access internally even if I disabled access logging in AWS console.

0

You can use Cloud HSM directly without KMS and KMS custom key store. AWS Cloud HSM provides two ways how clients can connect to it.

  1. Command line utilities : https://docs.aws.amazon.com/cloudhsm/latest/userguide/command-line-tools.html
  2. Programmatic access: https://docs.aws.amazon.com/cloudhsm/latest/userguide/use-hsm.html

These both ways, user can directly integrate with Cloud HSM without any interaction with any of other AWS services. As far as IAM concerns, AWS Cloud HSM access does not fall under IAM.

answered 16 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions