Starting today, AWS Managed Microsoft AD supports forwarding Kerberos Encryption audit event logs (Event IDs 201–209) to Amazon CloudWatch Logs. These logs provide visibility into the encryption types used by your applications and services, helping you identify which resources are using RC4 encryption versus AES encryption. This visibility allows you to decide whether to upgrade clients to AES encryption (recommended for improved security) or maintain RC4 support based on your environment’s compatibility requirements.
To get started, open the Network and Security tab for your AWS Managed Microsoft AD directory in the AWS Directory Service console and enable log forwarding to Amazon CloudWatch Logs. You can then review the Kerberos Encryption audit events to understand your current encryption settings. To learn more, see Enabling Amazon CloudWatch Logs log forwarding for AWS Managed Microsoft AD.
This feature is available in all AWS Regions where AWS Managed Microsoft AD is available, except in the Middle East (UAE) and Middle East (Bahrain) Regions.
Source: Amazon Web Services





