Releases: awslabs/assisted-log-enabler-for-aws
Amazon Elastic Load Balancing Access Logs!
Elastic Load Balancing Access Logs (Single Account and Multi-Account using AWS Organizations) can now be turned on using Assisted Log Enabler!
For more details on elastic load balancer access logs, see https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html.
Release notes:
- Ability to turn on Elastic Load Balancer Access logs within single and multi-account modes.
- Added Dry Run capabilities for Elastic Load Balancer Access logs within single and multi-account modes.
- Added cleanup for Elastic Load Balancer Access logs created by Assisted Log Enabler within single account mode.
- Updated help (-h) message example within the README.
- Permissions examples for enabling Elastic Load Balancer Access logs within the permissions directory.
- Diagram for Elastic Load Balancer Access logs within the README.
Amazon S3 Server Access Logs!
With this release, we've added the ability to enable Amazon S3 Server Access Logs! Amazon S3 Server Access Logs provide detailed records for the requests that are made to your Amazon S3 buckets, which can be useful for security audits and investigations.
For more details on Amazon S3 Server Access Logs, please visit the following link: https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerLogs.html
Credit goes to Rogerio Kasa (@rckasa) for his work on this.
Release Notes:
- Ability to turn on Amazon S3 Server Access logs within single and multi-account modes.
- Added Dry Run capabilities for Amazon S3 Server Access logs within single and multi-account modes.
- Added Cleanup capabilities for Amazon S3 Server Access logs created by Assisted Log Enabler within single account mode.
- Updated help (-h) message example within the README.
- Permissions examples for enabling Amazon S3 Server Access logs within the permissions directory.
- Diagram for Amazon S3 Server Access Logs within the README.
Minor Documentation Updates
- References to Team DragonCat now refer to the Customer Incident Response Team (CIRT).
- Updated various argparse help messages to be more descriptive.
Updates to CloudTrail function
Added
- CloudTrail tags to show that the trail is created by Assisted Log Enabler for AWS.
Changed
- CloudTrail name, to indicate more clearly that the trail is created by Assisted Log Enabler for AWS.
Hotfix - Added Conditional Statements to Cleanup & Dry Run Options
Added
- Conditional statements to handle the case where no options are selected during Dry Run and Cleanup modes.
Additional Services Added to Cleanup Functionality
Added
- Tagging for VPC Flow Log Resources in single account mode.
- Cleanup options for VPC Flow Logs and CloudTrails created by Assisted Log Enabler for AWS.
- README Documentation
  - Added details in the Cleanup section to reflect VPC Flow Logs and CloudTrail commands.
  - Added section about the Shared Responsibility Model.
Added Dry Run Modes
This release adds Dry Run modes for both single and multi-account versions of Assisted Log Enabler for AWS. These modes allow you to check for resources in your environment that do not have logging turned on, but do not activate logging for those resources.
Added
- Dry Run mode for both single and multi-account modes.
- Added README Documentation for Dry Run modes.
Minor Documentation Updates
Changed
- README Documentation
  - Removed unzip steps from single and multi-account instructions.
  - Minor updates to various service names.
Documentation and S3 Bucket Updates
Added
- Randomization to the end of the Amazon S3 bucket name in both single and multi-account modes.
- Instructions for deploying the AWS CloudFormation Stack individually, within the AWS Organizations root account for multi-account deployment.
- Link for the AWS Security Analytics Bootstrap within the README.
Changed
- Feedback section within README to contain link to Issues section.
Added Cleanup functionality
This release contains functionality for removing resources created by Assisted Log Enabler for AWS. Currently, this is limited to Amazon Route 53 Resolver Query Logging in single account mode. More services will be added to the cleanup functionality in the coming releases.
Added
- Code for cleaning up AWS resources created by Assisted Log Enabler for AWS.
  - Currently, only Amazon Route 53 Resolver Query Logging in single account mode is supported.
- Options for running cleanup mode within the main function.
- IAM Permissions example for cleanup operations.
- Information within the Step-by-Step instructions for multi-account to reflect details about AWS CloudFormation StackSets Delegated Administrator.
Changed
- README documentation.
  - Updated Cleanup section to reflect new cleanup capabilities.
  - Updated IAM Permissions examples within the README.
- AWS CloudFormation template for deploying IAM Permissions to run cleanup code.
- Header in files to reflect "Assisted Log Enabler for AWS", instead of "Assisted Log Enabler (ALE)".