Known Security Issues
Max Siegieda edited this page Nov 1, 2018 · 4 revisions
There is no capability as far as we know to discover what actions have taken place against the account were it to be compromised. In the (hopefully unlikely) case of compromise, such a resource would be critical to understand what actions to take. I understand that such logs are the first thing that security contractors reach for when analysing and mitigating a compromise.
My (pwaller) preferred setup would be to create an independent AWS account which just has an S3 bucket in it for logging, which is write-only from the perspective of the main account. This makes it hard to compromise the logs themselves.
See also: CloudTrail.
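The write-only arrangement described above can be expressed as a bucket policy on the logging account's bucket. The following is an added example, not part of the original page or this project's configuration: it assumes CloudTrail is the log source, uses a placeholder bucket name and a constructed account ID, and includes a hypothetical `excess_grants` check that flags any allowed action beyond what log delivery needs.

```python
import json

# Actions log delivery from the main account needs: write objects, plus the
# bucket ACL check CloudTrail performs before delivering. Read, delete or
# policy-changing actions would let a compromised main account alter logs.
WRITE_ONLY_ACTIONS = {"s3:putobject", "s3:getbucketacl"}

def build_log_bucket_policy(bucket, main_account_id):
    """Bucket policy for the logging account's bucket (placeholder names)."""
    cloudtrail = {"Service": "cloudtrail.amazonaws.com"}
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "AclCheck", "Effect": "Allow", "Principal": cloudtrail,
             "Action": "s3:GetBucketAcl",
             "Resource": f"arn:aws:s3:::{bucket}"},
            {"Sid": "Write", "Effect": "Allow", "Principal": cloudtrail,
             "Action": "s3:PutObject",
             "Resource": f"arn:aws:s3:::{bucket}/AWSLogs/{main_account_id}/*",
             "Condition": {"StringEquals": {
                 "s3:x-amz-acl": "bucket-owner-full-control"}}},
        ],
    }

def _as_list(value):
    return value if isinstance(value, list) else [value]

def excess_grants(policy):
    """Return (sid, action) pairs where an Allow goes beyond write-only."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "?")
        if "NotAction" in stmt:  # allows everything except the listed actions
            findings.append((sid, "NotAction"))
        for action in _as_list(stmt.get("Action", [])):
            # Wildcards such as s3:* or s3:Put* can match more than PutObject.
            if "*" in action or action.lower() not in WRITE_ONLY_ACTIONS:
                findings.append((sid, action))
    return findings

if __name__ == "__main__":
    policy = build_log_bucket_policy("example-audit-logs", "111111111111")
    print(json.dumps(policy, indent=2))
    print("excess grants:", excess_grants(policy))
```

The check covers only the bucket policy; IAM permissions inside the logging account itself are a separate review.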