1. Assessment Phase

  • AWS Logging Enablement Assessment Execution (20 Credits)

AWS Logging Status Report

Overview

This report assesses whether logging and audit capabilities are properly enabled across critical AWS services in your environment. Logging is essential for observability, security investigations, cost tracking, and compliance audits.

For each supported AWS service, the assessment verifies that log delivery to destinations such as CloudTrail, CloudWatch Logs, S3, and Kinesis is configured and operational.

The report helps you:

  • Identify gaps in audit and monitoring coverage
  • Improve incident response and operational visibility
  • Meet compliance requirements for retention and log integrity
  • Detect misconfigurations or unused log delivery pipelines

The results include resource-level findings to support immediate remediation.

Services and Evaluation Criteria

Amazon S3

  • Server Access Logs enabled
  • Object-Level Read Events Logging (via CloudTrail)
  • Object-Level Write Events Logging (via CloudTrail)

Amazon VPC

  • Flow Logs enabled
  • DNS Logging via Route53 Resolver Query Logs

AWS Load Balancers (ELB)

  • Access Logs enabled

AWS CloudFront

  • Access Logs enabled
  • Real-Time Logging configured

Amazon RDS

  • Logging enabled (e.g., general logs, error logs, slow query logs)

Amazon OpenSearch (Elasticsearch)

  • Audit Logging enabled

AWS WAF

  • Web ACL Logging enabled

Amazon EKS

  • Control Plane Logging enabled

AWS Certificate Manager (ACM)

  • Certificate Transparency Logging enabled

Amazon API Gateway

  • Stage Access Logging enabled (v1 and v2 APIs)
  • Execution Logging enabled
  • X-Ray Tracing enabled

Amazon Route 53

  • Hosted Zone Logging enabled

AWS DocumentDB

  • Audit Logging enabled

Amazon Neptune

  • Audit Logging enabled

Amazon MSK

  • Broker Logging enabled

You’ll receive a detailed report showing which services and resources lack logging, so you can proactively close visibility and auditability gaps.