By using AWS re:Post, you agree to the Terms of Use

Logging IoT Secure Tunnel Connections in Cloudwatch or Similar

0

Hi,

For audit trail/security purposes we would like to store a log of AWS IoT Secure Tunnel instances, including dates, durations, etc. If possible, even the originating IP address.

What would be the easiest way to log IoT Secure Tunnel instances in Cloudwatch ? I can see that tunnels are displayed in the IoT dash, but these disappear if the tunnel is deleted.

Current setup:

  • Secure Tunnel Component deployed via Greengrass
  • Using the provided docker-run.sh / localproxy cli method to connect
  • If we wish to close tunnels before timeout we are using the "close/delete" tunnel method via the AWS dash
1 Answer
0

Hi. If you have AWS IoT logging enabled (INFO level), Publish-Out events will be logged in the AWSIotLogsV2 log group. When you create/open a tunnel, there will be a Publish-Out event on the $aws/things/thing-name/tunnels/notify topic.

For broader audit trail and compliance scenarios you should probably consider CloudTrail: https://docs.aws.amazon.com/iot/latest/developerguide/iot-using-cloudtrail.html

profile picture
EXPERT
answered 6 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions