Amazon Web Services (AWS) Reports


S. No

Report Title

Details Provided

1

User login activity
  • Recent logins and failed logins
  • Login activity based on IP address, users and geographical region

2

Failed / Unauthorised activity
  • Error events that have occurred
  • Recent login and authorization failures that have taken place

3

IAM activity
  • Occurrence of IAM errors, user activities and unauthorized activities
  • Recently created/deleted users, roles and groups
  • Password changes.
  • Users who have been recently added to groups
  • Creation and deletion of MFA devices
  • Virtual MFA devices that have been enabled and deactivated
  • Access keys that have been created, deleted and updated
  • Status of various IAM user credentials

4

User activity
  • Recent user activity
  • Creation, deletion and update of resources by users
  • Unsuccessful events by users

5

Network Security Groups (NSG)
  • Creation and deletion of security groups
  • Changes made to security group configuration
  • Recently revoked security group ingress and egress
  • Recently authorized security group ingress and egress
  • Network ACL and gateway changes made

6

Virtual Private Cloud (VPC)
  • Creation and deletion of customer gateways
  • Recently created, deleted, attached or detached internet gateways and VPN gateways
  • VPC endpoints that have been created, modified and deleted.
  • Route table that have been created, deleted, associated and dissociated
  • Routes that have been created, deleted and replaced
  • Subnets that have been created and deleted
  • Associated and dissociated subnet CIDR blocks

7

Web Application Firewall (WAF)
  • WAF error events that have occurred
  • The recently created, deleted and updated
    • WAF rules
    • IP sets
    • Byte match sets
    • Constraint sets
    • Injection match sets
    • Xss match sets
    • Web ACLs
  • Recently associated and dissociated web ACLs

8

Elastic IP address
  • Elastic IP addresses that have recently been allocated, released, associated and dissociated
  • IP addresses that have recently been moved to VPC
  • IP addresses that have recently been restored to Classic

9

Elastic Network Interface
  • IPv6 addresses and private IP addresses that have been assigned and unassigned
  • Network interfaces that have been recently created, deleted, attached and detached
  • Modification and resetting of network interface attributes

10

Security Token Service
  • Events caused by STS errors
  • The below requests made:
    • Overall AssumeRole requests
    • AssumeRole with SAML requests
    • AssumeRole with WebIdentity requests
    • Decode authorization message requests
    • Get caller identity requests
    • Get federation token requests
    • Get session token requests

11

Key Pairs activity
  • Recently created, deleted and imported key pairs

12

AWS Config
  • AWS Config errors that have occurred
  • The addition and deletion of
    • AWS Config rules
    • Configuration recorders
    • Delivery channels
    • Deleted evaluation results
  • Configuration recorders that have been started and stopped

13

Amazon Auto Scaling
  • Auto Scaling error events
  • Creation and deletion of
    • Launch configurations
    • Auto scaling groups
    • Scaling policies
  • Modified Auto Scaling groups
  • Attached and detached Auto Scaling instances
  • Attached and detached Load balancers

14

Amazon Elastic Load Balancing (ELB)
  • Auto Scaling error events
  • Creation and deletion of
    • Launch configurations
    • Auto scaling groups
    • Scaling policies
  • Modified Auto Scaling groups
  • Attached and detached Auto Scaling instances
  • Attached and detached Load balancers

15

Amazon Relational Database Service (RDS)
  • RDS error events
  • Created and deleted RDS instances
  • Roles recently added to DB clusters
  • Tags recently added to RDS resources
  • Authorized and revoked DB security group ingress
  • Created and deleted DB security groups
  • DB snapshots that have been created, deleted and updated
  • DB clusters that are created, deleted and restored
  • Restored DB instances

16

S3 Bucket activity
  • Overall S3 activity
  • Buckets created and deleted
  • Failed actions in S3

17

S3 traffic analysis
  • The overall S3 traffic
  • All S3 requests made
  • Requests based on Remote IP, Operation and HTTP status
  • Failed requests based on error code
  • Requests with error access

18

Route 53
  • Overall Route 53 activity
  • Failed events in Route 53
  • Hosted zones that have been recently created and deleted
  • Configuration changes made to private hosted zones
  • Recent reusable delegation set activity
  • Modified resource record sets
  • Traffic policy configuration changes
  • Traffic policy instance configuration changes
  • Domain configuration changes
Copyright © 2017, ZOHO Corp. All Rights Reserved.