Logging IoT Secure Tunnel Connections in Cloudwatch or Similar

Question

Hi,

For audit trail/security purposes we would like to store a log of AWS IoT Secure Tunnel instances, including dates, durations, etc. If possible, even the originating IP address.

What would be the easiest way to log IoT Secure Tunnel instances in Cloudwatch ? I can see that tunnels are displayed in the IoT dash, but these disappear if the tunnel is deleted.

Current setup:
 - Secure Tunnel Component deployed via Greengrass
 - Using the provided docker-run.sh / localproxy cli method to connect
 - If we wish to close tunnels before timeout we are using the "close/delete" tunnel method via the AWS dash

Answer

Hi. If you have AWS IoT logging enabled (INFO level), Publish-Out events will be logged in the **AWSIotLogsV2** log group. When you create/open a tunnel, there will be a Publish-Out event on the `$aws/things/thing-name/tunnels/notify` topic.

For broader audit trail and compliance scenarios you should probably consider CloudTrail: https://docs.aws.amazon.com/iot/latest/developerguide/iot-using-cloudtrail.html

Logging IoT Secure Tunnel Connections in Cloudwatch or Similar

관련 콘텐츠