Al usar AWS re:Post, aceptas las AWS re:Post Términos de uso
AWS re:Postre:Post

Logging IoT Secure Tunnel Connections in Cloudwatch or Similar

0

Hi,

For audit trail/security purposes we would like to store a log of AWS IoT Secure Tunnel instances, including dates, durations, etc. If possible, even the originating IP address.

What would be the easiest way to log IoT Secure Tunnel instances in Cloudwatch ? I can see that tunnels are displayed in the IoT dash, but these disappear if the tunnel is deleted.

Current setup:

  • Secure Tunnel Component deployed via Greengrass
  • Using the provided docker-run.sh / localproxy cli method to connect
  • If we wish to close tunnels before timeout we are using the "close/delete" tunnel method via the AWS dash
Temas
Internet de las cosas (IoT)
Etiquetas
AWS IoT GreengrassInternet de las cosas (IoT)
Idioma
English
AWS-User-9962534
preguntada hace 2 años241 visualizaciones
1 Respuesta
0

Hi. If you have AWS IoT logging enabled (INFO level), Publish-Out events will be logged in the AWSIotLogsV2 log group. When you create/open a tunnel, there will be a Publish-Out event on the $aws/things/thing-name/tunnels/notify topic.

For broader audit trail and compliance scenarios you should probably consider CloudTrail: https://docs.aws.amazon.com/iot/latest/developerguide/iot-using-cloudtrail.html

profile pictureAWS
EXPERTO
Greg_B
respondido hace 2 años

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas

Contenido relevante