By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Where can I find logs for denied access through firewall

0

I have inbound rules restricting access to our database based on IP address and have specified our websites IP address (Siteground) to give it access and that works the majority of the time. Occasionally, I'm getting connection timed out on the Siteground logs when trying to connect to the database, but then it works immediately after.

Siteground just moved the server to a new database center and I've updated the IPs but this started after. They're saying there is no way the IP address is changing so I want to verify it in the Amazon logs but can't find them.

Topics
Security, Identity, & ComplianceAWS Well-Architected Framework
Tags
AWS Firewall ManagerSecurity
Language
English
phantomfather
asked a year ago344 views
2 Answers
1
Accepted Answer

Requests made to AWS Firewall Manager can be logged at AWS CloudTrail Logs. https://docs.aws.amazon.com/waf/latest/developerguide/fms-incident-response.html

Make sure you have all the permissions for log delivery.

AWS
Felipe Gonzales
answered a year ago
profile picture
EXPERT
Sedat Salman
reviewed a year ago
  • phantomfather
    a year ago

    Thank you. That's exactly what I was looking for. Not the most intuitive solution from Amazon, but once you know it, it makes sense.

1

When you say firewall, do you mean the RDS security group?
If you are a security group, you can enable VPC flow logging to see the blocked logs.
https://docs.aws.amazon.com/vpc/latest/userguide/working-with-flow-logs.html

profile picture
EXPERT
Riku_Kobayashi
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content