Control: 2.3 Ensure audit logs for multiple cloud resources are integrated with Log Service
Log Service provides functions of log collection and analysis in real time across multiple cloud resources under the authorized resource owners. This enable the large-scale corporate for security governance over all resources owned by multiple accounts by integrating the log from different sources and monitoring. For example, Log Service supports the integration to collect logs from the following sources:
- ActionTrail is a cloud service that records API calls made in a given Alibaba Cloud account.
- ApsaraDB RDS and DRDS audit records all data manipulation language (DML) and data definition language (DDL) operations through network protocol analysis and only consumes a small amount of CPU resources. The Trial Edition of SQL Explorer retains SQL log data generated within up to one day free of charge.
- Object Storage Service (OSS) support recording every changes to its resources including bucket, ACL, replications, and files, as well as file access logs.
- The access log feature of SLB can be applied to HTTP- and HTTPS-based Layer 7 load balancing. Access logs can contain about 30 fields such as the time when a\ request is received, the IP address of the client, processing latency, request URI, backend server (ECS instance) address, and returned status code. As an Internet access point, SLB needs to distribute a large number of access requests.
- Alibaba Cloud API Gateway provides API hosting service to facilitate micro-service aggregation, frontend and backend isolation, and system integration. Each API request corresponds to an access record, which contains information such as the IP address of the API caller, requested URL, response latency, returned status code, and number of bytes for each request and response. With the preceding information, you can understand the operating status of your web services.
- NAS audit and access log support to record each request to Network File System (NFS) file system including file changes and access, details of the access request, such as the operation type, target object, and response status of the current user. Log Service also provides rich functions such as real-time query and analysis, and dashboard presentation for this part of logs.
Perform the following to ensure the logs are integrated with Log Services:
- Logon to SLS Console.
Log Service Audit Servicein the navigation pane.
- Go to Access to
Cloud Products > Global Configurationpage.
- Select a location of project for logs.
- Check the appropriate product logging selection, such as
RDS SQL Audit Logs,
OSS Access Logs,
SLB Access Log,
NAS Access Log,
API Gateway Access logand configure a proper storage period (in days).
Saveto save the changes.
- Go to
Multi-Account Configurations > Global Configurationpage.
- Modify it to input the other resource owner account ID.
Saveto save the changes.
- Go to
Access to Cloud Products > Status Dashboardpage to ensure the Status is
Run the control in your terminal:
steampipe check alicloud_compliance.control.cis_v100_2_3
Snapshot and share results via Steampipe Cloud:
steampipe loginsteampipe check --share alicloud_compliance.control.cis_v100_2_3
This control uses a named query:manual_control