Sharing Amazon CloudWatch Logs - AWS Security Incident Response Guide

Logs that are recorded in Amazon CloudWatch Logs, such as Amazon VPC flow logs, can be shared with another account (such as your centralized security account) through a CloudWatch Logs subscription. For example, the log event data can be read from a centralized Amazon Kinesis stream to perform custom processing and analysis. Custom processing is especially useful when you collect logging data from across many accounts. Ideally, create this configuration early in your cloud journey, before a security-related event occurs. For more information, see Cross-Account Log Data Sharing with Subscriptions.
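The custom processing step described above, as an added example that is not part of the AWS guide: it decodes subscription records as a consumer in the security account would read them from the Kinesis stream (base64, then gzip, then JSON) and counts rejected VPC flows per source account. It assumes the default flow log format; the function names, account IDs, ENI names and addresses are constructed placeholders.

```python
import base64
import gzip
import json
from collections import Counter

# Default VPC flow log format (version 2), space-separated.
FLOW_FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
               "protocol packets bytes start end action log_status").split()

def decode_subscription_record(data_b64):
    """Decode one Kinesis record from a subscription: base64 -> gzip -> JSON."""
    return json.loads(gzip.decompress(base64.b64decode(data_b64)))

def rejected_flows_by_account(records_b64):
    """Count REJECT flow records per source account across all records."""
    rejects = Counter()
    for data_b64 in records_b64:
        payload = decode_subscription_record(data_b64)
        # CONTROL_MESSAGE records only test the destination; skip them.
        if payload.get("messageType") != "DATA_MESSAGE":
            continue
        for event in payload.get("logEvents", []):
            parts = event["message"].split()
            if len(parts) != len(FLOW_FIELDS):
                continue  # custom format or not a flow log line
            flow = dict(zip(FLOW_FIELDS, parts))
            if flow["action"] == "REJECT":
                # "owner" is the account that owns the source log group.
                rejects[payload["owner"]] += 1
    return dict(rejects)

def make_record(owner, messages, message_type="DATA_MESSAGE"):
    """Build a constructed sample record in the subscription encoding."""
    events = [{"id": str(i), "timestamp": 1700000000000 + i, "message": m}
              for i, m in enumerate(messages)]
    payload = {"messageType": message_type, "owner": owner, "logGroup": "vpc-flow-logs",
               "logStream": "eni-sample", "subscriptionFilters": ["to-security"], "logEvents": events}
    return base64.b64encode(gzip.compress(json.dumps(payload).encode())).decode()

# Constructed sample input; every identifier and address below is a placeholder.
SAMPLE_RECORDS = [
    make_record("CloudwatchLogs", ["CWL CONTROL MESSAGE: constructed sample"], "CONTROL_MESSAGE"),
    make_record("111111111111", [
        "2 111111111111 eni-0aaa 203.0.113.10 10.0.0.5 44321 22 6 3 180 1700000000 1700000060 REJECT OK",
        "2 111111111111 eni-0aaa 10.0.0.9 10.0.0.5 51000 443 6 10 5200 1700000000 1700000060 ACCEPT OK",
        "2 111111111111 eni-0aaa 198.51.100.7 10.0.0.5 40022 3389 6 1 60 1700000000 1700000060 REJECT OK"]),
    make_record("222222222222", [
        "2 222222222222 eni-0bbb 203.0.113.10 10.1.0.8 44400 22 6 2 120 1700000000 1700000060 REJECT OK"]),
]
```

Calling `rejected_flows_by_account(SAMPLE_RECORDS)` returns the per-account counts; keying on `owner` is what lets one consumer separate events from many accounts.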