En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

Logging IoT Secure Tunnel Connections in Cloudwatch or Similar

0

Hi,

For audit trail/security purposes we would like to store a log of AWS IoT Secure Tunnel instances, including dates, durations, etc. If possible, even the originating IP address.

What would be the easiest way to log IoT Secure Tunnel instances in Cloudwatch ? I can see that tunnels are displayed in the IoT dash, but these disappear if the tunnel is deleted.

Current setup:

  • Secure Tunnel Component deployed via Greengrass
  • Using the provided docker-run.sh / localproxy cli method to connect
  • If we wish to close tunnels before timeout we are using the "close/delete" tunnel method via the AWS dash
Sujets
Internet des objets (IoT)
Balises
AWS IoT GreengrassInternet des objets (IoT)
Langue
English
AWS-User-9962534
demandé il y a 2 ans241 vues
1 réponse
0

Hi. If you have AWS IoT logging enabled (INFO level), Publish-Out events will be logged in the AWSIotLogsV2 log group. When you create/open a tunnel, there will be a Publish-Out event on the $aws/things/thing-name/tunnels/notify topic.

For broader audit trail and compliance scenarios you should probably consider CloudTrail: https://docs.aws.amazon.com/iot/latest/developerguide/iot-using-cloudtrail.html

profile pictureAWS
EXPERT
Greg_B
répondu il y a 2 ans

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents