By using AWS re:Post, you agree to the AWS re:Post Terms of Use

Centralized logging - one region, perhaps one account (S3/VPC)

0

Hi, struggling with consolidating logs. I want to enable server access logging in S3 as well as VPC flow logging. Both need to have a logging bucket per region. That is not very scalable. Can't this be consolidated into one bucket? I'd also be fine having it all sent to a centralized log-archive account, if possible, but that probably needs bucket replication and doesn't solve the original issue of so many buckets required. Config logs and cloudtrail logs are nicely consolidated, but server access logs and VPC flow logs are not. A related point is if server access logging must be enabled (security-wise) on the bucket where server access logging takes place, don't you get into an endless loop? :/

Thanks!

1 Answer
1

Here is a AWS Solution that covers this subject, Centralized Logging.

profile pictureAWS
EXPERT
answered 3 years ago
profile picture
EXPERT
reviewed 5 months ago
  • Thanks! I did look at that, it's the one solution that always comes up when searching for centralized logging, but tbh it looked way too complicated for what I want, with Kinesis, OpenSeach, Kibana, etc. I don't need all of that. I just want to minimize the amount of buckets for my logging, which seems extensive when one just enables all logging to be Security Hub compliant.

    GuardDuty can analyze those logs just fine, or even Cloudwatch, I don't need to do OpenSearch/Kinesis/Kibana overhead, I think :/ but please correct me if I'm wrong!

    Thanks again, I do appreciate the prompt response!

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions