Help Center/
Well-Architected Framework/
Well-Architected Framework and Practices/
Security Pillar/
Security Operations/
SEC09 Security Awareness and Analysis/
SEC09-03 Implementing Security Audits
Updated on 2025-05-22 GMT+08:00
SEC09-03 Implementing Security Audits
Enable security audits for key operations on each cloud service and by any individual user. Protect audit logs and back them up periodically to avoid unexpected deletions, modifications, or overwriting.
- Risk level
High
- Key strategies
- Key operations on cloud services include high-risk operations (such as creating and deleting IAM users, restarting VMs, and changing security configurations), cost-sensitive operations (such as creating and deleting high-cost resources), and service-sensitive operations (such as network configuration changes).
- Enable the key event notifications. If you enable key event notifications in CTS, CTS sends notifications to subscribers in real time through SMN.
- Enable log transfer in CTS to send audit logs to OBS. You can set a log retention duration based on your compliance and service requirements.
- Protect audit logs and back them up periodically to avoid unexpected deletions, modifications, or overwriting. You can also enable file verification for audit logs to ensure the integrity of audit files and prevent files from being tampered with.
- Enable centralized fine-grained control for O&M account permissions to access systems and resources.
- For details about data security audit, see SEC07-03 Monitoring Data Use.
- Related cloud services and tools
- Cloud Trace Service (CTS): A tracker is automatically created when you enable CTS. The tracker identifies and associates with all cloud services you are using, and records all operations on the services. CTS allows you to collect, store, and query all operations on your cloud resources and use these records for security analysis, compliance auditing, resource tracking, and fault locating.
- Cloud Bastion Host (CBH)
- Database Security Service (DBSS)
- SecMaster
- Simple Message Notification (SMN)
Parent topic: SEC09 Security Awareness and Analysis
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
The system is busy. Please try again later.
For any further questions, feel free to contact us through the chatbot.
Chatbot