5.5 Ensure Cloudwatch Log Group is created for App Tier

Information

AWS CloudWatch Log groups define groups of log streams that share the same retention, monitoring, and access control settings. Each log stream has to belong to one log group.

Note:

* You can also use any third party log management tools (like Splunk, Loggly, AlertLogic Log Manager, etc.) as long as the recommendation goal is achieved.
* The below Audit and Remediation steps need to be modified for your specific log management tool, as they are provided in the benchmark only for Amazon Cloudwatch
Separating log group destinations on a per tier basis allows unique settings to be applied on a per group basis for:

* Retention of logs
* Access Controls

* Export/Stream of data to other AWS Services for analysis/processing

* AWS S3
* AWS Lambda
* AWS Elastic Search

Solution

Using the Amazon unified command line interface:

* Create a Cloudwatch log group for the App tier:

aws logs create-log-group --log-group-name <_app_tier_log_group>_

See Also

https://workbench.cisecurity.org/files/260

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-12c.

Plugin: amazon_aws

Control ID: d286ebd0b0c92b8e035cfd282775f7195a503d0b8d8761d764d50d471cbfe63c