The Importance of IAM, Logging, and Monitoring in AWS

Posted: October 22, 2020
Category: AWS

You’re probably familiar with the adage, “On the internet, nobody knows you’re a dog.” The premise is simple. If nobody can actually see you, then you can be whoever you claim to be when you’re on the internet. That’s why identity and access management is crucial to the integrity of online activity.

Once upon a time, the battle lines of network and internet security were drawn much more clearly. It was easier to separate the good guys from bad actors. Cybersecurity focused on preventing unauthorized access to network resources and data. IT security teams have to pay much closer attention today because the bad guys aren’t trying to hack or crack their way in. They are using phishing scams and other tactics to obtain valid user credentials and walking in through the proverbial front door. Organizations need strong identity and access management, as well as cloud logging and monitoring, to be able to recognize and respond to suspicious or malicious behavior.

Identity and Access Management (IAM) in the Cloud

A role-based access model is critical to the foundation of identity and access management in the cloud. There are five distinct layers to the role-based access control (RBAC) model for the cloud that each own some level of accountability for different pieces of the identity and access puzzle. The five layers include Business Unit, Business Unit Application, Cloud Platform, Cloud Security, and Cloud Governance. Each layer has a unique and important place in IAM.

There are five workflows in the cloud RBAC model that can be applied to these five layers. New User Account Request, New User Account Provisioning, User Account Transfer, User Account Recertification, and User Account Termination are the five functions of the RBAC model. The workflow for something like a New User Account Request from submission to completion touches on each of the RBAC layers in some way.

The Cloud Security Alliance developed the Cloud Controls Matrix (CCM)—a meta framework of cloud security controls that maps to leading cloud security standards, best practices, and applicable regulations. Set Solutions has mapped the RBAC model layers against the IAM domain controls and the CCM to illustrate how each segment has ownership of IAM controls and plays an essential role in the process.

AWS IAM is a robust identity and access management solution offered by AWS. It integrates with third-party SAML (Security Assertion Markup Language) solution providers to streamline authentication.

Cloud Logging and Monitoring

How do we define monitoring and logging? For the purposes of cloud security, logging looks at applications, services, current state data, behavior, errors, warnings, access, and other activity that contains significant amounts of qualitative information. Monitoring, on the other hand, is the time-based rate of change of event-driven data.

The importance of logging cannot be overstated. Monitoring is critical, data is king, and logging is essential. Logging in and of itself isn’t magic, though. You have to monitor and log the right things, and you need the tools and processes in place to review and analyze the log data and take action when suspicious or malicious activity is identified.

AWS CloudTrail is an AWS service that is enabled by default. All actions taken by an AWS service or user role are recorded and logged in CloudTrail. CloudTrail gives you complete visibility into all activities within your AWS account, which is crucial for effective cloud security.

AWS also offers AWS CloudWatch. CloudWatch monitors the AWS services and applications you run in real time. It enables you to collect and track metrics and identify relevant indicators to measure your resources and applications. You can establish thresholds and set alerts to notify you or automatically change the monitored resources.
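The review step the logging and monitoring paragraphs above call for, as an added example that is not from the original post or from Set Solutions: a small Python script that walks CloudTrail records and raises an alert when an IAM user's console logins fail repeatedly inside a short window (the kind of threshold a CloudWatch alarm would carry) or when a policy-changing IAM API call appears. The records are constructed with real CloudTrail field names but invented values; the threshold, the window and the list of watched IAM events are assumptions, not AWS defaults.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

IAM_CHANGE_EVENTS = {"AttachUserPolicy", "PutUserPolicy", "CreateAccessKey",  # assumed watch-list,
                     "UpdateAssumeRolePolicy", "DeleteRole"}                   # not an AWS default
FAILED_LOGIN_THRESHOLD = 3     # assumed: alert on the 3rd failure ...
WINDOW = timedelta(minutes=5)  # ... within a 5-minute sliding window


def _rec(time, name, source, user, ip, **extra):
    """Build a minimal CloudTrail record (constructed sample data, real field names)."""
    return {"eventTime": time, "eventName": name, "eventSource": source, "sourceIPAddress": ip,
            "userIdentity": {"type": "IAMUser", "userName": user}, **extra}


FAIL = {"responseElements": {"ConsoleLogin": "Failure"}}
SAMPLE_RECORDS = [  # constructed: three failed logins, a success, an IAM change, a benign read
    _rec("2020-10-22T14:00:05Z", "ConsoleLogin", "signin.amazonaws.com", "alice", "198.51.100.7", **FAIL),
    _rec("2020-10-22T14:01:10Z", "ConsoleLogin", "signin.amazonaws.com", "alice", "198.51.100.7", **FAIL),
    _rec("2020-10-22T14:02:30Z", "ConsoleLogin", "signin.amazonaws.com", "alice", "198.51.100.7", **FAIL),
    _rec("2020-10-22T14:03:00Z", "ConsoleLogin", "signin.amazonaws.com", "alice", "198.51.100.7",
         responseElements={"ConsoleLogin": "Success"}),
    _rec("2020-10-22T14:09:40Z", "AttachUserPolicy", "iam.amazonaws.com", "alice", "198.51.100.7",
         requestParameters={"userName": "bob", "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}),
    _rec("2020-10-22T14:15:00Z", "DescribeInstances", "ec2.amazonaws.com", "bob", "203.0.113.9"),
]


def _ts(record):
    return datetime.strptime(record["eventTime"], "%Y-%m-%dT%H:%M:%SZ")


def _actor(record):
    ident = record.get("userIdentity", {})
    return ident.get("userName") or ident.get("arn") or ident.get("type", "unknown")


def detect(records):
    """Return (alert_type, actor, detail) tuples for the records, oldest first."""
    alerts, failures = [], defaultdict(list)  # failures: actor -> timestamps still inside WINDOW
    for rec in sorted(records, key=_ts):
        actor, name, now = _actor(rec), rec["eventName"], _ts(rec)
        if name == "ConsoleLogin" and rec.get("responseElements", {}).get("ConsoleLogin") == "Failure":
            recent = [t for t in failures[actor] if now - t <= WINDOW] + [now]
            if len(recent) >= FAILED_LOGIN_THRESHOLD:
                alerts.append(("repeated_failed_console_login", actor,
                               f"{len(recent)} failures within {WINDOW} from {rec['sourceIPAddress']}"))
                recent = []  # reset so one burst produces one alert
            failures[actor] = recent
        elif rec["eventSource"] == "iam.amazonaws.com" and name in IAM_CHANGE_EVENTS:
            alerts.append(("iam_change", actor,
                           f"{name} {json.dumps(rec.get('requestParameters', {}), sort_keys=True)}"))
    return alerts
```

In a live account the same two conditions are normally expressed as CloudWatch Logs metric filters on the trail's log group with alarms on the resulting metrics; the script shows the logic offline so it can be read and tested.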

Security in the AWS Cloud

The RBAC model and Cloud Controls Matrix are essential for properly managing identity and access. AWS offers AWS IAM to enable customers to effectively implement and manage identity and access within the AWS cloud.

AWS CloudTrail and AWS CloudWatch are services that provide a foundation for logging and monitoring within AWS and assist you in ensuring governance, compliance, operational and risk auditing, resource utilization, application performance, and operational health. These are all important facets of your cloud environment, and it’s critical to leverage these tools and have processes in place to address issues that arise.


This blog was written by Jeanice Russell, Chief Cloud Security Architect at Set Solutions.