Monitoring AWS CloudHSM Audit Logs in Amazon CloudWatch Logs
When an HSM in your account receives a command from the AWS CloudHSM command line tools or software libraries, it records its execution of the command in audit log form. The HSM audit logs include all client-initiated management commands, including those that create and delete the HSM, log into and out of the HSM, and manage users and keys. These logs provide a reliable record of actions that have changed the state of the HSM.
AWS CloudHSM collects your HSM audit logs and sends them to Amazon CloudWatch Logs on your behalf. You can use the features of CloudWatch Logs to manage your AWS CloudHSM audit logs, including searching and filtering the logs and exporting log data to Amazon S3. You can work with your HSM audit logs in the Amazon CloudWatch console