Welcome to security monitoring! You've secured your account, data, and network. Now you need to watch for problems and track what happens in your environment. Think of monitoring like having security cameras and an alarm system.
Engagement Message
Why is it important to see what's happening in your account, not just secure it?
AWS CloudTrail is your primary auditing tool. It records nearly every action, or API call, made in your AWS account. It answers the questions of "who did what, from where, and when?"
This is invaluable for security investigations and compliance audits.
Engagement Message
In what scenario would you need to know exactly who deleted a resource?
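As an added example (not part of the original lesson), this sketch answers "who did what, from where, and when?" for delete calls by reading the standard CloudTrail record fields `userIdentity`, `eventName`, `sourceIPAddress`, `eventTime` and `errorCode`. The log content, account ID, names and IP addresses are constructed sample data, and `who_deleted` is a hypothetical helper name.

```python
import json

# Constructed sample CloudTrail log body; account IDs, names and IPs are made up.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-05-01T09:12:44Z", "eventSource": "s3.amazonaws.com",
     "eventName": "DeleteBucket", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"bucketName": "example-reports"}},
    {"eventTime": "2024-05-01T09:15:02Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DeleteSecurityGroup", "awsRegion": "us-east-1",
     "sourceIPAddress": "203.0.113.20", "errorCode": "Client.UnauthorizedOperation",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/ops/bob-session",
                      "sessionContext": {"sessionIssuer": {
                          "arn": "arn:aws:iam::111122223333:role/ops"}}},
     "requestParameters": {"groupId": "sg-0123456789abcdef0"}},
    {"eventTime": "2024-05-01T09:20:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.7", "requestParameters": None,
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::111122223333:user/alice"}},
]})


def who_deleted(log_text):
    """Return who/what/where/when for every Delete* call in a CloudTrail log."""
    findings = []
    for rec in json.loads(log_text).get("Records", []):
        if not rec.get("eventName", "").startswith("Delete"):
            continue
        ident = rec.get("userIdentity", {})
        # For assumed roles, also report the role that issued the session.
        issuer = ident.get("sessionContext", {}).get("sessionIssuer", {}).get("arn")
        findings.append({
            "who": ident.get("arn", ident.get("type", "unknown")),
            "role": issuer,
            "what": f'{rec["eventSource"]}:{rec["eventName"]}',
            "target": rec.get("requestParameters") or {},  # may be null in a record
            "from": rec.get("sourceIPAddress"),
            "when": rec.get("eventTime"),
            # errorCode is present only when the call failed (e.g. access denied).
            "succeeded": "errorCode" not in rec,
        })
    return findings
```

Keeping the failed attempt in the output matters in an investigation: a denied `DeleteSecurityGroup` shows that someone tried to remove a resource even though nothing was deleted.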
While CloudTrail tells you who made a change, AWS Config tells you what the resource looked like before and after the change. It continuously monitors and records your AWS resource configurations.
For example, it can show you the exact moment a firewall rule was changed.
Engagement Message
Why is tracking the history of configuration changes important?
AWS Config can also evaluate your configurations against desired best practices. You can use rules to check for things like unrestricted access or unencrypted storage volumes, and Config will alert you if a resource becomes non-compliant.
Engagement Message
How does automated checking help prevent human error?
Finally, Amazon GuardDuty is an intelligent threat detection service. It uses machine learning to continuously monitor for malicious activity and unauthorized behavior.
It analyzes your CloudTrail logs and other data sources to identify potential threats, like compromised instances or unusual API calls.
Engagement Message
Why is machine learning better than simple rule-based detection for new threats?
