AMS Advanced User Guide

AMS Advanced Concepts and Procedures

What is AWS Managed Services?
Service management
Planned event management
Network architecture
- MALZ network architecture
  Choosing single MALZ or multiple MALZs
  Single multi-account landing zone vs. Multiple multi-account landing zone FAQs
  Multi-Account Landing Zone accounts
  Management account
  Networking account
  Networking account architecture
  Private network connectivity to AMS Multi-account landing zone environment
  Centralized edge connectivity using transit gateway
  Connecting DX or VPN to account VPCs
  Resources in the networking account
  AWS Network Manager
  Egress VPC
  Managed Palo Alto egress firewall
  Perimeter (DMZ) VPC
  AWS Transit Gateway
  Shared Services account
  Updates to shared services: Multi-Account Landing Zone
  Log Archive account
  Security account
  Application account types
  AMS-managed application accounts
  AMS Accelerate accounts
  Customer Managed application accounts
  Accessing your Customer Managed account
  Connecting your CMA with Transit Gateway
  Getting operational help with your Customer Managed accounts
  Tools account (migrating workloads)
  AWS Application Migration Service (AWS MGN)
  Enable access to the new Tools account
  Example IAM CloudEndure policy
  Testing connectivity and end-to-end setup
  Tools account hygiene
  Migration at scale - Migration Factory
- SALZ network architecture
  AMS Single-account landing zone shared services
Setting up AMS
Change management modes
Finding the data you need (SKMS)
Access management
Automated EC2 instance configuration
Monitoring and event management
Log management
Security management
Continuity management
Patch management
Reports and options
- On-request reports
  AMS Patch reports
  AMS Backup reports
  Incidents Prevented and Monitoring Top Talkers reports
  Billing Charges Details report
  Trusted Remediator reports
- Self-service reports
  Patch report (daily)
  Backup report (daily)
  Incident report (weekly)
  Billing report (monthly)
  Aggregated reports
  AMS self-service reports dashboards
  Data retention policy
  Offboard from SSR
Get support
Operations On Demand
Document history
AWS Glossary

AWS Managed Services

Documentation
AWS Managed Services
AMS Advanced Concepts and Procedures

Accessing your logs

PDF

RSS

Focus mode

Accessing your logs - AMS Advanced User Guide

Documentation AWS Managed Services AMS Advanced Concepts and Procedures

To access your logs, ensure that you have one of the required IAM roles and are in your AMS account. Then navigate to the directory shown.

Multi-Account Landing Zone (MALZ)

Provides five default IAM roles, each of which allow access to all logs within your account (all are prefaced with AWSManagedServices):

AdminRole
CaseRole
ChangeManagementRole
ReadOnlyRole
SecurityOpsRole

Access to these roles is configured via federation, with each role being mapped to a group within your Active Directory domain.

To learn more about these roles, see IAM user role in AMS .

Single-Account Landing Zone (SALZ)

The default Customer_ReadOnly_Role for AMS single-account landing zone allows your access to all logs within your account. Access to the logs is controlled using AWS Identity and Access Management (IAM) roles mapped to Active Directory groups.

anchor anchor

Provides five default IAM roles, each of which allow access to all logs within your account (all are prefaced with AWSManagedServices):

AdminRole
CaseRole
ChangeManagementRole
ReadOnlyRole
SecurityOpsRole

Access to these roles is configured via federation, with each role being mapped to a group within your Active Directory domain.

To learn more about these roles, see IAM user role in AMS .

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

How AMS logging works

AMS aggregated service logs

Did this page help you? - Yes

Thanks for letting us know we're doing a good job!

If you've got a moment, please tell us what we did right so we can do more of it.

Did this page help you? - No

Thanks for letting us know this page needs work. We're sorry we let you down.

If you've got a moment, please tell us how we can make the documentation better.

Need help?

Try AWS re:Post
Connect with an AWS IQ expert

Privacy Site terms Cookie preferences

Select your cookie preferences

Customize cookie preferences

Essential

Performance

Functional

Advertising

Unable to save cookie preferences

Accessing your logs

Did this page help you?

Next topic:

Previous topic:

Need help?