tag:blogger.com,1999:blog-4088979.post3378845305978321783..comments2023-10-16T06:06:25.012-04:00Comments on TaoSecurity Blog: Logs from the CloudRichard Bejtlichhttp://www.blogger.com/profile/13512184196416665417noreply@blogger.comBlogger2125tag:blogger.com,1999:blog-4088979.post-22652777156691508672009-05-08T02:44:00.000-04:002009-05-08T02:44:00.000-04:00I always enjoy learning how other people employ Am...I always enjoy learning how other people employ Amazon S3 and CloudFront. I am wondering if you can check out my very own tool <A HREF="http://cloudberrylab.com/" REL="nofollow"> CloudBerry Explorer</A> that helps to manage S3 on Windows . It is a freeware. We have recently added basic support for CloudFront log to make it easier to turn on logging and analyze it.andyhttps://www.blogger.com/profile/16288776213556827245noreply@blogger.comtag:blogger.com,1999:blog-4088979.post-51726020913052797842009-05-08T01:47:00.000-04:002009-05-08T01:47:00.000-04:00Hi Richard
Thanks for the mention.
Honestly, I t...Hi Richard<br /><br />Thanks for the mention.<br /><br />Honestly, I think you have the meat of it covered :-).<br /><br />The key point for peeps to bear in mind is that this is just for Amazons Content Distribution Network service (aka CloudFront) - not AWS API usage. So this is just like Akamai giving you logs for content you've pushed to them for edge access. I guess its worth noting that the existing Amazon S3 storage service already has optional logging, disabled by default).<br /><br />CloudFront logging improves on the previous situation where only usage statistics were available, hence this feature mostly helps Amazon clients that rebill CDN usage to their own customers.<br /><br />From a security perspective I'm struggling to see much benefit (the corner case I can think of is if sensitive data was accidently leaked by a customer to CloudFront and they needed to know which IP's downloaded it).<br /><br />If someone can see more security benefits, do share.<br /><br />Cheers<br /><br />CraigCraig Baldinghttp://cloudsecurity.orgnoreply@blogger.com