Daily Blog #808: Testing AWS Log Latency - ConsoleLogin
In a recent Sunday Funday discussion, I posed an intriguing question to my audience: What's the actual log delay across major cloud providers? By log delay, I mean the time it takes for an event to appear in a cloud provider's audit log after it has occurred. Chris Eng did an excellent job documenting this behavior for Azure, but didn't cover AWS or Google Cloud. That's why I'm kicking off a new blog series where I'll be digging into the log delays for those platforms—starting with AWS, and then moving on to Google Cloud. For this initial test, I focused on the ConsoleLogin event in AWS.
The ConsoleLogin event is a CloudTrail-logged event that captures when a user successfully signs into the AWS web console. This might seem like a straightforward process, but I soon discovered that it wasn't as simple as it seemed. The first time I ran the test, I unknowingly logged in through the us-east-2 region but was searching for logs in us-east-1. Since CloudTrail logs are region-specific, this led to confusion. To avoid any potential issues, I made sure to double-check my search region, ensuring that I was looking in the correct place if I wanted to see the expected log appear.
When I initially ran the test, my stopwatch hit 17 minutes without any sign of the login event—even though AWS provides a 15-minute SLA for log delivery. Once I switched my search to us-east-2 and re-ran the test, I immediately found the ConsoleLogin event and realized that I needed to redo the test. To confirm that my login URL was indeed showing the correct region, I logged out and back in again.
With my region correctly set, I monitored CloudTrail for the event. And what did I find? The ConsoleLogin event showed up within 90 seconds of clicking the “Sign in” button. That's not only faster than the 15-minute SLA, but also quicker than AWS's targeted 5-minute delivery time for critical events. I was impressed by how quickly the log appeared, and I couldn't wait to see if this speed would hold true for other cloud providers.
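The same measurement can be scripted. The sketch below is an added example, not code from the original post (which used a stopwatch and the console): it polls CloudTrail Event history in every candidate region, so a sign-in recorded in us-east-2 is not missed while searching us-east-1, and reports how long the ConsoleLogin event took to become visible. The function names are hypothetical, and it assumes boto3 is installed with credentials that allow `cloudtrail:LookupEvents`.

```python
import time
from datetime import datetime, timezone


def boto3_lookup(region, since):
    """Return ConsoleLogin events visible in one region's Event history."""
    import boto3  # imported lazily so the timing logic runs without AWS access
    client = boto3.client("cloudtrail", region_name=region)
    resp = client.lookup_events(
        LookupAttributes=[{"AttributeKey": "EventName",
                           "AttributeValue": "ConsoleLogin"}],
        StartTime=since)
    return resp["Events"]


def measure_console_login_delay(regions, since, lookup=boto3_lookup,
                                now=lambda: datetime.now(timezone.utc),
                                sleep=time.sleep, interval=10, timeout=1200):
    """Poll every region until a ConsoleLogin at or after `since` is visible.

    Returns (region, event_time, seconds_until_visible), or None on timeout.
    The delay is accurate only to within one polling interval.
    """
    deadline = now().timestamp() + timeout
    while now().timestamp() < deadline:
        for region in regions:  # check all regions, not just the expected one
            for event in lookup(region, since):
                if event["EventTime"] >= since:
                    delay = (now() - event["EventTime"]).total_seconds()
                    return region, event["EventTime"], delay
        sleep(interval)
    return None


if __name__ == "__main__":
    # Start the script, then sign in to the console. The two regions are the
    # ones named in the post; add any others your sign-in URL might use.
    start = datetime.now(timezone.utc)
    print(measure_console_login_delay(["us-east-1", "us-east-2"], start))
```
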
For tomorrow's blog post, I'll test the log delay for API key creation. Stay tuned! In the meantime, I'd love to hear from you: Have you experienced any issues with AWS log delays? Do you have any tips or tricks for optimizing your cloud provider's logs? Share your thoughts in the comments below!