Amazon FSx for Windows File Server provides fully managed file storage that is accessible over the industry-standard Server Message Block (SMB) protocol. It is built on Windows Server and offers a rich set of enterprise storage capabilities with the scalability, reliability, and low cost that you have come to expect from AWS.
In addition to key features such as user quotas, end-user file restore, and Microsoft Active Directory integration, the team has now added support for the auditing of end-user access on files, folders, and file shares using Windows event logs.
Introducing File Access Auditing
File access auditing allows you to send logs to a rich set of other AWS services so that you can query, process, and store your logs. By using file access auditing, enterprise storage administrators and compliance auditors can meet security and compliance requirements while eliminating the need to manage storage as logs grow over time. File access auditing will be particularly important to regulated customers such as those in the financial services and healthcare industries.
You can choose a destination for publishing audit events in the Windows event log format. The destination options are logging to Amazon CloudWatch Logs or streaming to Amazon Kinesis Data Firehose. From there, you can view and query logs in CloudWatch Logs, archive logs to Amazon Simple Storage Service (Amazon S3), or use AWS Partner solutions, such as Splunk and Datadog, to monitor your logs.
You can also set up Lambda functions that are triggered by new audit events. For example, you can configure AWS Lambda and Amazon CloudWatch alarms to send a notification to data security personnel when unauthorized access occurs.
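The Lambda-based notification described above could start from logic like the following, an added example that is not code from the original post or from AWS. It assumes the function is subscribed to the audit log group, that each log message is one Windows event XML record, and that a denied access carries the Audit Failure keyword; `parse_audit_event`, `denied_accesses`, `sample_event` and the sample records are hypothetical names and constructed data.

```python
import base64
import gzip
import json
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
AUDIT_FAILURE = 0x0010000000000000  # "Audit Failure" bit of the Windows Keywords field


def parse_audit_event(xml_text):
    """Flatten one Windows event-log XML record into a dict."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    keywords = int(system.findtext("e:Keywords", namespaces=NS), 16)
    record = {
        "event_id": int(system.findtext("e:EventID", namespaces=NS)),
        "failed": bool(keywords & AUDIT_FAILURE),
    }
    for data in root.iterfind("e:EventData/e:Data", NS):
        record[data.get("Name")] = data.text  # e.g. SubjectUserName, ObjectName
    return record


def denied_accesses(lambda_event):
    """Return the failed-audit records in a CloudWatch Logs subscription payload."""
    raw = base64.b64decode(lambda_event["awslogs"]["data"])
    payload = json.loads(gzip.decompress(raw))
    findings = []
    for log_event in payload["logEvents"]:
        try:
            record = parse_audit_event(log_event["message"])
        except (ET.ParseError, AttributeError, TypeError, ValueError):
            continue  # not a well-formed audit record; skip it, keep the batch
        if record["failed"]:
            findings.append(record)
    return findings


def sample_event():
    """Constructed payload: one successful access, one denied, one junk line."""
    tmpl = ("<Event xmlns='" + NS["e"] + "'><System><EventID>{}</EventID>"
            "<Keywords>{}</Keywords></System><EventData>"
            "<Data Name='SubjectUserName'>{}</Data>"
            "<Data Name='ObjectName'>{}</Data></EventData></Event>")
    messages = [
        tmpl.format(4663, "0x8020000000000000", "alice", r"\share\docs\plan.txt"),
        tmpl.format(4656, "0x8010000000000000", "mallory", r"\share\hr\payroll.xlsx"),
        "not xml",
    ]
    body = {"logEvents": [{"id": str(i), "timestamp": 0, "message": m}
                          for i, m in enumerate(messages)]}
    data = base64.b64encode(gzip.compress(json.dumps(body).encode())).decode()
    return {"awslogs": {"data": data}}
```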
Using File Access Auditing on a New File System
To enable file access auditing on a new file system, I head over to the Amazon FSx console and choose Create file system. On the Select file system type page, I choose Amazon FSx for Windows File Server, and then configure other settings for the file system. To use the auditing feature, Throughput capacity must be at least 32 MB/s.
In Auditing, I see that File access auditing is turned on by default. In Advanced, for Choose an event log destination, I can change the destination for publishing user access events. I choose CloudWatch Logs and then choose a CloudWatch Logs log group in my account.
After my file system has been created, I launch a new Amazon Elastic Compute Cloud (Amazon EC2) instance and join it to my Active Directory. When the instance is available, I connect to it using a remote desktop client. I open File Explorer and follow the documentation to map my new file system.
I open the file system in Windows Explorer and then right-click and select Properties. I choose Security, Advanced, and Auditing and then choose Add to add a new auditing entry. On the page for the auditing entry, in Principal, I click Select a principal. This is who I will be auditing. I choose Everyone. Next, for Type, I select the type of auditing I want (Success/Fail/All). Under Basic permissions, I select Full control for the permissions I want to audit for.
Now that auditing is set up, I create some folders and create and modify some files. All this activity is now being audited, and the logs are being sent to CloudWatch Logs.
In the CloudWatch Logs Insights console, I can start to query the audit logs. I ran a simple query that finds all the logs associated with a specific file.
File access auditing is one of many features the team has launched in recent years, including: Self-Managed Directories, Native Multi-AZ File Systems, Support for SQL Server, Fine-Grained File Restoration, On-Premises Access, a Remote Management CLI, Data Deduplication, Programmatic File Share Configuration, Enforcement of In-Transit Encryption, Storage Size and Throughput Capacity Scaling, and Storage Quotas.
File access auditing is free on Amazon FSx for Windows File Server. Standard pricing applies for the use of Amazon CloudWatch Logs, Amazon Kinesis Data Firehose, any downstream AWS services such as Amazon Redshift, S3, or AWS Lambda, and any AWS Partner solutions like Splunk and Datadog.
Available Today
File access auditing is available today for all new file systems in all AWS Regions where Amazon FSx for Windows File Server is available. Check our documentation for more details.