CloudTrail
We have enabled IAM personal users and have avoided the root account. We have also assigned the necessary IAM policy to our groups, and have assigned each user to the right group. However, we also need to record all of their actions. To fulfill this purpose, the AWS service to enable is CloudTrail.Â
Each event performed over the AWS infrastructure by an IAM user or a resource with an IAM role assigned to it will be recorded in an S3 bucket and/or in a CloudWatch log group. My advice is to follow the AWS documentation at: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-a-trail-using-the-console-first-time.html. Creating a trail from the web console will be very straightforward, if you read this document.
VPC Flow Logs
An intrusion detection system (IDS) and anintrusion prevention system (IPS) are common tools in a secure network. In an on-premise environment, they are not so easy or cheap to implement, because you need dedicated hardware, and also a network...
