Is there some document available that shows how AWS CloudWatch log data is stored at AWS?
Especially, I would like to know:
Is an existing service (e.g. Amazon S3) used for the storage of events?
Is there any encryption available?
Interestingly, information is available for CloudTrail, but there seems to be no documentation about CloudWatch.
Flow logs are stored in an Amazon CloudWatch log group, in the same region as your Amazon Connect instance. This log group is created automatically when Enable flow logging is turned on for your instance. For example, the following image shows the CloudWatch log groups for two test instances.
This policy enables CloudWatch Logs to export log data to your Amazon S3 bucket. The bucket owner has full permissions on all of the exported objects. If the existing bucket already has one or more policies attached to it, add the statements for CloudWatch Logs access to that policy or policies.
You can store your log data in CloudWatch Logs for as long as you want. By default, CloudWatch Logs will store your log data indefinitely. You can change the retention for each Log Group at any time.
Logs is apparently sitting on top of Kinesis, so:
Based on this: https://youtu.be/pTzv-i1uvvE?t=1386
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With