AWS Private Certificate Authority
AWS Private CA enables the creation of private certificate authority (CA) hierarchies, including root and subordinate CAs, without the investment and maintenance costs of operating an on-premises CA. Your private CAs can issue end-entity X.509 certificates useful in scenarios including:
- Creating encrypted TLS communication channels
- Authenticating users, computers, API endpoints, and IoT devices
- Cryptographically signing code
- Implementing Online Certificate Status Protocol (OCSP) for obtaining certificate revocation status
AWS Private CA operations can be accessed from the AWS Management Console, using the AWS Private CA API, or using the AWS CLI.
For more details, refer to the AWS documentation.
Log and metric types​
Setup​
You can collect the logs and metrics for Sumo Logic's AWS Private Certificate Authority integration by following the below steps.
Configure metrics collection​
- Collect CloudWatch Metrics with namespace
AWS/ACMPrivateCA
using the AWS Kinesis Firehose for Metrics source. ForAWS/ACMPrivateCA
metrics and dimensions, refer to AWS Private Certificate Authority CloudWatch metrics.
Configure logs collection​
- Collect AWS CloudTrail Logs using the AWS CloudTrail source. AWS Private CA is integrated with AWS CloudTrail, a service that provides a record of actions taken by a user, role, or AWS service. CloudTrail is enabled by default on your AWS account. You can use AWS CloudTrail to record API calls that are made by AWS Private Certificate Authority. If you configure a trail, you can enable continuous delivery of CloudTrail events to an Amazon S3 bucket, including events for AWS Private CA.