Access Reports (for Governance and Compliance)
💡 Definition
Access reports (in the context of AWS governance and compliance) refer to consolidated summaries and detailed logs of who accessed what resources, when, and from where. These reports are crucial for auditing, maintaining security posture, and demonstrating adherence to regulatory requirements.
🔑 Key Concepts
- Source Data: Primarily CloudTrail logs (API activity), VPC Flow Logs (network traffic to and from network interfaces), and IAM data such as the Credential Report and the "last accessed" information IAM keeps per user and role.
- Purpose: To provide visibility into account activity, detect unauthorized access attempts, and track changes to resources.
- Types: Can range from high-level summaries (e.g., "all S3 access last week") to granular detail (e.g., specific API calls made by an IAM User).
- Examples of Tools: CloudTrail Event history shows the last 90 days of management events with no setup; the IAM Credential Report is a CSV snapshot of every IAM user's password, MFA and access key status. For anything beyond that, query trail logs delivered to S3 with Athena, or use AWS Security Hub, which aggregates findings from security services rather than raw logs.
⚙️ How it Works
CloudTrail records API calls made in the account (management events by default; data events such as S3 object-level operations must be enabled explicitly) and keeps 90 days of them in Event history. For longer retention, and for any automated reporting, a trail delivers the events as compressed JSON files to an S3 bucket and optionally to CloudWatch Logs. Customers then query the stored logs with Athena (S3) or CloudWatch Logs Insights (CloudWatch Logs), or feed them to third-party tools, to build reports on access patterns such as who called which API, when, and from which source IP. The IAM Credential Report is generated on demand (at most once every four hours) and downloaded as a CSV listing every user's password, MFA and access key status.
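As an added worked example (not part of the original notes), the following Python script builds a "who did what, when, from where" table from CloudTrail records and runs the common Credential Report checks (console users without MFA, stale or never-used access keys). The CloudTrail records and the Credential Report CSV are constructed sample data, the CSV restricted to a subset of the real report's columns; the fixed `NOW`, the 90-day key age and the denial threshold are assumed policy values, not AWS defaults.

```python
import csv
import io
import json
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample: the "Records" array of one CloudTrail log file in S3.
SAMPLE_CLOUDTRAIL = json.dumps({"Records": [
    {"eventTime": "2024-03-01T10:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "awsRegion": "us-east-1",
     "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice",
                      "arn": "arn:aws:iam::123456789012:user/alice"}},
    {"eventTime": "2024-03-01T10:05:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateUser", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.7", "errorCode": "AccessDenied",
     "userIdentity": {"type": "IAMUser", "userName": "bob",
                      "arn": "arn:aws:iam::123456789012:user/bob"}},
    {"eventTime": "2024-03-01T10:06:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "AttachUserPolicy", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.7", "errorCode": "AccessDenied",
     "userIdentity": {"type": "IAMUser", "userName": "bob",
                      "arn": "arn:aws:iam::123456789012:user/bob"}},
    {"eventTime": "2024-03-01T11:30:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "TerminateInstances", "awsRegion": "eu-west-1",
     "sourceIPAddress": "192.0.2.44",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/Deploy/ci-job-17"}},
]})

# Constructed sample Credential Report, cut down to a subset of the real CSV's columns.
SAMPLE_CREDENTIAL_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,arn:aws:iam::123456789012:root,2022-01-01T00:00:00+00:00,not_supported,2024-02-20T09:00:00+00:00,not_supported,true,false,N/A,N/A,false,N/A,N/A
alice,arn:aws:iam::123456789012:user/alice,2023-01-10T00:00:00+00:00,true,2024-02-28T08:00:00+00:00,2024-01-15T00:00:00+00:00,true,true,2024-02-01T00:00:00+00:00,2024-02-29T12:00:00+00:00,false,N/A,N/A
bob,arn:aws:iam::123456789012:user/bob,2023-06-01T00:00:00+00:00,true,2024-02-27T08:00:00+00:00,2023-06-01T00:00:00+00:00,false,true,2023-06-01T00:00:00+00:00,N/A,false,N/A,N/A
svc-backup,arn:aws:iam::123456789012:user/svc-backup,2022-05-05T00:00:00+00:00,false,N/A,N/A,false,true,2023-04-01T00:00:00+00:00,2024-02-29T03:00:00+00:00,true,2024-01-05T00:00:00+00:00,2024-01-06T00:00:00+00:00
"""

# Assumed for this example: a fixed "now" (reproducible output) and our own
# rotation policy, not an AWS default.
NOW = datetime(2024, 3, 2, tzinfo=timezone.utc)
MAX_KEY_AGE = timedelta(days=90)

def parse_ts(value):
    """'...Z' (CloudTrail) or '...+00:00' (report); report placeholders -> None."""
    if not value or value in ("N/A", "no_information", "not_supported"):
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def actor(record):
    """Who: the user name for IAM users, the session ARN for assumed roles."""
    ident = record["userIdentity"]
    if ident.get("type") == "IAMUser":
        return ident["userName"]
    return ident.get("arn", ident.get("type", "unknown"))

def access_report(log_text):
    """What, when, from where: one row per record, outcome kept so denied
    attempts appear next to successful calls."""
    rows = []
    for rec in json.loads(log_text)["Records"]:
        rows.append({
            "time": parse_ts(rec["eventTime"]),
            "actor": actor(rec),
            "action": rec["eventSource"].split(".")[0] + ":" + rec["eventName"],
            "region": rec["awsRegion"],
            "source_ip": rec["sourceIPAddress"],
            "outcome": rec.get("errorCode", "Success"),
        })
    return sorted(rows, key=lambda r: r["time"])

def repeated_denials(rows, threshold=2):
    """Actors with >= threshold AccessDenied events (threshold is assumed)."""
    counts = Counter(r["actor"] for r in rows if r["outcome"] == "AccessDenied")
    return {a: n for a, n in counts.items() if n >= threshold}

def credential_findings(report_csv, now=NOW, max_key_age=MAX_KEY_AGE):
    """Console users without MFA, keys older than max_key_age, unused active keys."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        if row["password_enabled"] == "true" and row["mfa_active"] != "true":
            findings.append((user, "console password without MFA"))
        for k in ("1", "2"):
            if row[f"access_key_{k}_active"] != "true":
                continue
            rotated = parse_ts(row[f"access_key_{k}_last_rotated"])
            if rotated and now - rotated > max_key_age:
                findings.append((user, f"access key {k} older than {max_key_age.days} days"))
            if parse_ts(row[f"access_key_{k}_last_used_date"]) is None:
                findings.append((user, f"access key {k} active but never used"))
    return findings

if __name__ == "__main__":
    rows = access_report(SAMPLE_CLOUDTRAIL)
    for r in rows:
        print(r["time"], r["actor"], r["action"], r["region"], r["source_ip"], r["outcome"])
    print(repeated_denials(rows), credential_findings(SAMPLE_CREDENTIAL_REPORT))
```

On the sample data the report shows bob's two AccessDenied attempts at IAM privilege changes and the CI role's `ec2:TerminateInstances` in a different region, and the Credential Report checks flag bob (no MFA, a key that is old and has never been used) and svc-backup (an old key). Against real data, point `access_report` at the decompressed files a trail delivers to S3, and feed `credential_findings` the CSV returned by `aws iam get-credential-report`; the root row's `not_supported` placeholders are handled by `parse_ts`.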
🎯 Use Cases
- Security Audits: Proving to internal and external auditors that access controls are being enforced.
- Incident Response: Investigating a security breach to determine the extent of unauthorized access.
- Compliance: Meeting requirements from regulations (e.g., HIPAA, PCI DSS) that mandate logging and auditing of access.
- Troubleshooting: Identifying who made a specific change that caused an issue.
💰 Pricing Model
- No charge for the reports themselves. Costs come from the underlying logging services (CloudTrail trails beyond the free copy of management events, CloudWatch Logs ingestion, S3 storage) and from the analysis tools (e.g., Athena, billed per data scanned).
📝 Exam Tips (CLF-C02)
- Keywords: "Auditing access", "Who did what, when, where", "Compliance evidence".
- CloudTrail is the primary service for recording API activity for audit purposes; AWS Config records resource configuration changes, not API calls (a common distractor).
- The Credential Report is specifically for IAM user credential status (passwords, MFA, access keys); it covers IAM users and the root account, not roles.
- Access reports are a crucial output for governance and compliance requirements.
See Also:
- IAM
- CloudTrail
- AWS Config
- Credential Report
- AWS Audit Manager