We (IT Security) have been asked to work on a project to do a POC setup of an AWS Virtual Private Cloud (VPC) that will in turn be IPsec tunneled back to our infrastructure using a Cisco ISA. We're slowly working our way through that part, but my biggest question is that when I was looking at the AWS management console, I couldn't find any activity logs for who's logged into the management console and what changes have been made. Does anyone know if this is available, or where I can find it if I've overlooked it? Ideally, we would like to see those logs come back to our 'real' network via syslog through the VPN tunnel, or via some kind of secure log streaming from AWS itself.

Related to this - has anyone set up a HIPAA-compliant VPC with AWS or with any other cloud infrastructure vendors?

Thanks for your input,

Karl Bernard
Senior Information Security Analyst
UTHealth, Academic Health Center at Houston

Comments

I received a suggestion to take a look at AWS Identity and Access Management (IAM), and although it looks promising, I looked over IAM and found these unfortunate answers in the FAQ:

Q: Will AWS Identity and Access Management administrative actions be logged to an audit trail?
No. This is planned for a future release.
Q: Will user actions in AWS services be logged to an audit trail?
No. This is planned for a future release.

This makes it problematic for us - hopefully someone else has some kind of workaround or well-worded risk acceptance we can look at. Our customers are quietly asking to use cloud services now, but I suspect there will be an all-out clamoring before long, so we hope to have some kind of workable answer soon so we can get ahead of things.

Thanks,

Karl

Welcome to the wonders of the Cloud :-)

Joel Rosenblatt

Joel Rosenblatt, Director Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel
Public PGP key http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3

--On Wednesday, February 20, 2013 2:26 PM -0600 Karl Bernard wrote:

> I received a suggestion to take a look at AWS Identity and Access
> Management (IAM), and although it looks promising, I looked over IAM and
> found these unfortunate answers in the FAQ:
>
> Q: Will AWS Identity and Access Management administrative actions be logged
> to an audit trail?
> No. This is planned for a future release.
> Q: Will user actions in AWS services be logged to an audit trail?
> No. This is planned for a future release
> http://aws.amazon.com/iam/faqs/#Will_Identity_and_Access_Management_admi...
>
> This makes it problematic for us - hopefully someone else has some kind of
> workaround or well-worded risk acceptance we can look at. Our customers are
> quietly asking to use cloud services now, but I suspect there will be an
> all out clamoring before long, so we hope to have some kind of workable
> answer soon so we can get ahead of things.
>
> Thanks,
>
> Karl