Medium Connect Regional

Connect instances should have CloudWatch logging enabled

FSBP

Description

This control checks if an Amazon Connect instance is configured to generate and store flow logs in an Amazon CloudWatch log group. It fails if the instance is not configured to do so. Amazon Connect flow logs provide real-time details about events in Amazon Connect flows, which define the customer experience. By default, a CloudWatch log group is automatically created for flow logs when a new Amazon Connect instance is created. These logs are useful for analyzing flows, finding errors, monitoring operational metrics, and setting up alerts for specific events.


Remediation

Enable CloudWatch logging for your Amazon Connect instances to ensure flow logs are generated and stored.

Steps

  1. Navigate to the Amazon Connect console
  2. Select the Connect instance that needs logging enabled
  3. Go to the 'Data streaming' or 'Logging' section
  4. Enable 'Contact flow logs' or 'Flow logs'
  5. Configure the CloudWatch log group destination
  6. Set the appropriate log level and retention period
  7. Save the configuration
  8. Verify that flow logs are being generated in CloudWatch
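
The same check and fix can be scripted against the Amazon Connect API. This is an added example, not part of the original control text or AWS's own check logic. It assumes the instance attribute `CONTACTFLOW_LOGS` is what reflects the flow-log setting; the function names are hypothetical, and the client is passed in so the logic can be exercised without AWS access.

```python
"""Audit Amazon Connect instances for flow logging (CONTACTFLOW_LOGS attribute)."""

ATTRIBUTE = "CONTACTFLOW_LOGS"  # assumed to be the attribute that toggles flow logs


def list_instances(client):
    """Yield every instance summary, following NextToken pagination."""
    kwargs = {}
    while True:
        page = client.list_instances(**kwargs)
        yield from page.get("InstanceSummaryList", [])
        token = page.get("NextToken")
        if not token:
            return
        kwargs = {"NextToken": token}


def audit_flow_logs(client):
    """Return one finding per instance with Status PASSED, FAILED or ERROR."""
    findings = []
    for inst in list_instances(client):
        finding = {"InstanceId": inst["Id"], "Alias": inst.get("InstanceAlias")}
        try:
            resp = client.describe_instance_attribute(
                InstanceId=inst["Id"], AttributeType=ATTRIBUTE)
            # The API returns the flag as the string "true" or "false".
            enabled = str(resp["Attribute"]["Value"]).lower() == "true"
            finding["Status"] = "PASSED" if enabled else "FAILED"
        except Exception as exc:  # e.g. access denied: never report it as a pass
            finding["Status"] = "ERROR"
            finding["Detail"] = str(exc)
        findings.append(finding)
    return findings


def remediate(client, findings):
    """Enable flow logs on every FAILED instance; return the instance ids changed."""
    changed = []
    for f in findings:
        if f["Status"] == "FAILED":
            client.update_instance_attribute(
                InstanceId=f["InstanceId"], AttributeType=ATTRIBUTE, Value="true")
            changed.append(f["InstanceId"])
    return changed


if __name__ == "__main__":
    import boto3  # assumption: boto3 is installed and credentials are configured
    for f in audit_flow_logs(boto3.client("connect")):
        print(f)
```

Instances reported as `ERROR` need a manual look, since a permissions failure would otherwise hide a missing log configuration. Run the audit in each Region where Connect is used, because the control is Regional.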

Compliance

FSBP