The AWS logs you miss during an incident

Blog post from Coralogix

Post Details
Company:
Date Published:
Author: Anurag Jain
Word Count: 2,982
Language: English
Hacker News Points: -
Summary

Anurag Jain's report discusses the critical impact of missing AWS log sources during incident response in cloud environments, emphasizing the importance of comprehensive logging for effective forensic analysis. Through six real-world-inspired scenarios, the report illustrates how the absence of specific logs, such as VPC Flow Logs, S3 Server Access Logs, EKS Audit Logs, CloudTrail Data Events for Lambda, OS Logs via CloudWatch Agent, and Route 53 Resolver Query Logs, can hinder investigations by leaving security teams blind to vital details. Each scenario reveals how these missing logs prevent timely containment, accurate attribution, and complete analysis, highlighting lessons learned to improve cloud security visibility. The report concludes that proactive logging strategies, including enabling comprehensive logging and centralizing logs securely, are crucial investments for enhancing cloud security and ensuring readiness for future incidents.