Amazon CloudWatch pipelines now includes new compliance and governance capabilities to help you maintain data integrity and control access when processing logs. CloudWatch pipelines is a fully managed service that ingests, transforms, and routes log data to CloudWatch without requiring you to manage infrastructure. Because pipeline processors modify log events during transformation, organizations with audit or regulatory requirements need ways to preserve original data and track what has been changed. These new tools address those needs directly.
You can now enable a “keep original” toggle to automatically store a copy of your raw logs before any transformation takes place, ensuring the unmodified data is always available when needed. Pipelines also adds new metadata to processed log entries indicating that the log has been transformed, making it easy to distinguish between original and processed data during audits or investigations. Additionally, new IAM condition keys let administrators restrict who can create pipelines based on log source name and type, giving operators fine-grained control over pipeline creation across their organization.
These compliance and governance features are available at no additional cost. Standard CloudWatch Logs storage rates apply to both the original and transformed copies of your log data when the keep original log option is enabled. You can use these features in all AWS Regions where CloudWatch pipelines is generally available.
To get started, visit the CloudWatch Ingestion page in the Amazon CloudWatch console. To learn more, see the CloudWatch pipelines documentation.
Quelle: aws.amazon.com
Amazon CloudWatch pipelines introduces new compliance and governance capabilities
Published by