Interview AWS

How would you set up centralised logging across multiple AWS accounts?

AWS · Advanced level

Answer

Centralized logging uses dedicated log archive/security accounts, organization trails, Config aggregation, VPC/ALB/WAF/app log delivery, encryption, retention, restricted access, and searchable storage through Athena, SIEM, or log analytics.

Technical explanation

High-volume logs need retention, filtering, partitioning, and lifecycle design to avoid runaway cost.

Multi-account governance should combine preventive controls such as SCPs with detective controls such as Config, GuardDuty, Inspector, Security Hub, CloudTrail, and Access Analyzer.

Central security, logging, and networking accounts reduce blast radius and protect evidence from workload account compromise.

Every control needs an owner, exception process, alert route, and remediation workflow or it becomes shelfware.

Hands-on example

1. Create a multi-account sandbox or use separate dev/security/logging accounts to test the control pattern.

2. Enable the relevant organization-level service or guardrail, then generate a controlled finding or denied action.

3. Route findings to Security Hub, EventBridge, ticketing, SIEM, or an incident channel with ownership metadata.

4. Document the exception process, remediation automation, and evidence required for audit.

Preparing for an interview?

Check how well your resume matches the role with our free resume checker— match score, ATS check, and the skills you're missing.

More AWS interview questions

← All AWS questions