Monitoring AWS CloudHSM Audit Logs in Amazon CloudWatch Logs
When an HSM in your account receives a command from the AWS CloudHSM command line tools or software libraries, it records its execution of the command in audit log form. The HSM audit logs include all client-initiated management commands, including those that create and delete the HSM, log into and out of the HSM, and manage users and keys. These logs provide a reliable record of actions that have changed the state of the HSM.
AWS CloudHSM collects your HSM audit logs and sends them to Amazon CloudWatch Logs on your behalf. You can use the features of CloudWatch Logs to manage your AWS CloudHSM audit logs, including searching and filtering the logs and exporting log data to Amazon S3. You can work with your HSM audit logs in the Amazon CloudWatch console or use the CloudWatch Logs commands in the AWS CLI and CloudWatch Logs SDKs.
