AWS Monitoring

What is AWS Monitoring?

As cloud technology continues to mature, enterprises are increasingly depending on cloud service providers to manage their workloads, data, and applications. Amazon Web Services (AWS) is the dominant cloud service provider in the world today, representing 41.5% of all application workloads that exist in the cloud and having captured a 30% market share. Based on the internal infrastructure model that Amazon used to launch its wildly successful international retail and shipping operations, AWS offers a comprehensive suite of cloud-based solutions for organizations of all sizes, with a versatile range of Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS) product offerings.

As organizations move away from on-premise IT infrastructure and towards hybrid cloud environments that combine on-premise and third-party cloud solutions, they also increase the number of applications they have deployed in the cloud. A 2017 report found that companies use an average of 4.8 clouds and 16 SaaS applications, a figure that rose 33% from the previous year's measurement. Investments in cloud-based infrastructure and technology drive efficiencies and cost savings for enterprises, but they also increase the possible surface area for cyber attacks, making cloud security a top priority.

For organizations that subscribe to AWS, prioritizing security means investing in an AWS monitoring solution that complements existing AWS security tools, satisfies the requirements of the AWS shared responsibility model and enables best practices for AWS monitoring.

A Guide to AWS Monitoring and Security Tools

Amazon Web Services is a comprehensive, well-supported cloud service that is continuously growing and evolving. To help meet the cloud security needs of its customers, AWS offers a range of security and monitoring tools that IT organizations can use to monitor and secure their AWS cloud environments. These tools are available on a pay-per-use basis for AWS subscribers.

AWS CloudTrail - CloudTrail is a monitoring tool that AWS subscribers can use to track user activity and API usage across the AWS infrastructure. CloudTrail automatically records and stores event logs of actions made in each AWS user account, offering total transparency and visibility into user and resource activity through the infrastructure. Log files include information such as the date and time that a user interacted with AWS, the identity of the user and the IP address where the traffic originated.
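To make the CloudTrail fields named above concrete, here is an added example (not code from the page or from AWS) that parses a constructed CloudTrail log file and runs two defender-side checks over it: which identity is calling from which source address, use of the account root credentials, and calls from outside an expected IP range. The record layout follows CloudTrail's documented `{"Records": [...]}` envelope; the ARNs, IPs and event names are constructed sample values.

```python
import ipaddress
import json
from collections import Counter

# Constructed sample in the {"Records": [...]} envelope that CloudTrail delivers to S3,
# reduced to the fields the glossary entry names (time, identity, source IP) plus eventName.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-03-01T10:15:00Z", "eventName": "CreateUser", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"}},
    {"eventTime": "2024-03-01T10:16:30Z", "eventName": "GetObject", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"}},
    {"eventTime": "2024-03-01T23:40:12Z", "eventName": "RunInstances", "sourceIPAddress": "198.51.100.77",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"}},
    # A call made by an AWS service on the principal's behalf carries a DNS name, not an IP.
    {"eventTime": "2024-03-01T23:42:00Z", "eventName": "CreateStack",
     "sourceIPAddress": "cloudformation.amazonaws.com",
     "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::123456789012:assumed-role/deploy/s1"}},
]})

def parse_records(log_text):
    """Flatten each CloudTrail record to the fields used below; missing keys become None."""
    out = []
    for r in json.loads(log_text)["Records"]:
        ident = r.get("userIdentity", {})
        out.append({"time": r.get("eventTime"), "event": r.get("eventName"),
                    "type": ident.get("type"), "arn": ident.get("arn"),
                    "ip": r.get("sourceIPAddress")})
    return out

def activity_by_identity(records):
    """Count API calls per (identity ARN, source address) pair."""
    return Counter((r["arn"], r["ip"]) for r in records)

def root_usage(records):
    """Events made with the account root credentials; AWS baselines recommend alerting on these."""
    return [r for r in records if r["type"] == "Root"]

def off_network_events(records, allowed_cidrs):
    """Events whose source IP lies outside allowed_cidrs; non-IP sources (service names) are skipped."""
    nets = [ipaddress.ip_network(c) for c in allowed_cidrs]
    flagged = []
    for r in records:
        try:
            ip = ipaddress.ip_address(r["ip"])
        except ValueError:
            continue  # DNS name or missing value, not a client address
        if not any(ip in n for n in nets):
            flagged.append(r)
    return flagged
```

Feeding real CloudTrail files through `parse_records` works unchanged, since the function only reads keys that every record carries.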

AWS CloudWatch - The CloudWatch service was specifically engineered to meet the requirements of DevOps engineers and developers for security and operational monitoring throughout the IT infrastructure. CloudWatch offers a number of versatile monitoring capabilities, including anomaly detection, automated incident responses, troubleshooting, operational insights, and metric visualization. Amazon has marketed AWS CloudWatch as the easiest way to aggregate metrics from both AWS and your on-premise cloud infrastructure.

AWS Certificate Manager - The Certificate Manager tool for AWS simplifies the process of provisioning, managing and deploying SSL/TLS certificates for AWS services. Unlike other AWS services that operate under the pay-per-use model, AWS Certificate Manager provides certificates and automates renewals for free - users only pay for the computing power necessary to run the application.

AWS CloudHSM - CloudHSM gives AWS users control over the encryption keys and cryptographic operations used to protect sensitive data, such as usernames, passwords, credit card numbers and personal information about customers. Effective use of encryption can help IT organizations satisfy corporate, contractual and regulatory requirements associated with collecting or capturing customer data.

Amazon Inspector - Amazon Inspector is a security assessment tool for AWS that allows users to perform automated security assessments of applications deployed in AWS environments. Amazon Inspector detects anomalies or variations from baseline activity or traffic levels, generating alerts that can be investigated from within the service or aggregated into AWS Security Hub along with security data from other services.

AWS Security Hub - Security Hub provides a centralized hub where AWS subscribers can aggregate data and security alerts from across the entire range of AWS security applications. Users can capture security data from other services, such as Amazon GuardDuty, Amazon Inspector, and Amazon Macie, organize and prioritize those alerts, and view the most important information on customized, integrated dashboards.

AWS Shield - Shield is a managed Distributed Denial of Service (DDoS) protection service that provides constant monitoring and detection of DDoS attacks initiated by malicious actors. A DDoS attack floods the servers with packets and can trigger service outages that impact revenue. AWS Shield can be combined with Amazon CloudFront and Amazon Route 53 to achieve full protection from Layer 3 and 4 IT infrastructure attacks.

AWS WAF - WAF stands for Web Application Firewall. WAF is a pay-per-use cloud-deployed software tool that lets you define customized rules that protect your web-based application from common and well-known cyber attacks. With this capability, IT organizations can protect their applications from security breaches, maintain application availability and prevent excessive resource consumption that results from malicious traffic.

Despite Amazon's impressive range of security tools for AWS, it is still incumbent on IT organizations to choose the ones that will be most useful and cost-effective while requiring the least administrative overhead. Enterprises that deploy applications in more than one cloud can also benefit from third-party security monitoring solutions that aggregate data from throughout the hybrid cloud environment - not just from AWS.

AWS Monitoring and the Shared Responsibility Model

Under Amazon's shared responsibility model for cloud security, the onus is on AWS subscribers to implement the tools and software necessary to secure their cloud-deployed applications.

Under the model, Amazon assumes responsibility for the security of the cloud while the customer is responsible for securing everything in the cloud.

This means that Amazon controls the security of all components from the host operating system and virtualization layer to the physical security of the building where AWS servers are located. Customers are responsible for implementing and managing client- and server-side encryption and network traffic protection. The security of customer data, access management, platforms, applications, the network, and the guest operating system are also the responsibility of the customer.

Sumo Logic's Multi-cloud Support Includes AWS Monitoring Capability

Sumo Logic is a multi-cloud analytics platform with integrations for major cloud service providers like Google Cloud, Microsoft Azure, and AWS. With Sumo Logic's AWS monitoring capability, users benefit from deep integration with the AWS platform and security services. Sumo Logic's log aggregation capabilities, along with machine learning and pattern detection make it easy for enterprise organizations to gain visibility into AWS deployments, manage application performance, maintain cloud security and comply with internal and external standards.
