[AWS SAP] Architecture Patterns - Monitoring, Logging and Auditing
API activity must be captured from multiple accounts and stored in a central security account?
Use CloudTrail in each account to record API activity and use cross-account access to the security account to store the log files in a central S3 bucket.
Need to trace and debug application with distributed components?
Use AWS X-Ray to trace and debug the application.
CloudWatch Logs entries must be transformed with Lambda and then loaded into Amazon S3?
Configure a Kinesis Firehose destination, transform with Lambda and then load into an S3 bucket.
CloudWatch Logs entries must be analyzed and stored centrally in a security account?
Use cross-account sharing and configure a Kinesis Data Stream in the security account to collect the log files, then use Lambda to analyze and store.
https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CrossAccountSubscriptions.html
It looks like both a Kinesis data stream and Kinesis Firehose can do this.
Access auditing must be enabled and records must be stored for a minimum of 5 years. Any attempts to modify the log files must be identified?
Create a trail in CloudTrail that stores the data in an S3 bucket and enable log file integrity validation.
Need to stream logs from Amazon EC2 instances in an ASG?
Install the unified CloudWatch Agent and collect log files in Amazon CloudWatch.
Need to collect metrics from EC2 instances with a 1 second granularity?
Create a custom metric with high resolution.
The application logs from on-premises servers must be processed by AWS Lambda in real time?
Install the unified CloudWatch Agent on the servers and use a subscription filter in CloudWatch to connect to a Lambda function.