Learning path

See what's happening

Flow logs, access logs, CloudTrail and scanning: see what's happening.

9 lessons · ~123 min total

Lessons in this path

  1. Compliance AWS

    Enable VPC flow logs in every VPC

    Security Hub EC2.6 — without flow logs you have no network audit trail. Investigations and threat detection need them.

    12 min
  2. Compliance AWS

    Enable application and API logging

    One capability across API Gateway, AppSync, Athena, CodeBuild, DMS, DataSync, Step Functions, Transfer Family and managed database log exports: make sure every application and data service writes a durable, queryable record of what it did.

    14 min
  3. Compliance AWS

    Enable threat detection and vulnerability scanning

    One capability across GuardDuty, Inspector, Macie and ECR: turn on the AWS-native services that watch for compromise, scan for known vulnerabilities, and find sensitive data, so a problem is detected automatically rather than discovered by accident.

    14 min
  4. Compliance AWS

    Enable CloudTrail and API activity logging

    One capability across the whole CloudTrail control family: make sure every account keeps a complete, tamper-evident, queryable record of the AWS API calls that change your estate.

    14 min
  5. Compliance AWS

    Enable cluster and search audit logging

    One capability across EKS clusters and Elasticsearch search domains: capture and watch the control-plane and search activity that records who called the API, what they queried, and what failed.

    14 min
  6. Compliance AWS

    Enable network and edge logging (LB, WAF, firewall, DNS)

    One capability across load balancers, WAF web ACLs, Network Firewall and Route 53: make sure every device that sits in the traffic path keeps a queryable record of what it allowed, blocked and resolved.

    14 min
  7. Compliance AWS

    Enable S3 access and object-level logging

    One capability across S3 server access logs and CloudTrail data events: make every bucket holding sensitive data keep a record of who read, wrote, and deleted which object, so a leak shows up in the audit trail instead of nowhere.

    14 min
  8. Compliance AWS

    Configure event notifications and subscriptions

    One capability across RDS clusters, instances, parameter groups, security groups and S3 buckets: wire the events that signal trouble into a destination something is actually listening to, so nobody finds out about a problem from a customer first.

    13 min
  9. Compliance AWS

    Enable AWS security tooling (Config, Access Analyzer, SSM)

    One capability across AWS Config, IAM Access Analyzer and Systems Manager: switch on the services that record, detect and manage your estate so the rest of your security posture has something to stand on.

    14 min