How to use AWS Verified Access logs to write and troubleshoot access policies
This article explains how to use improved AWS Verified Access logging to write and troubleshoot zero-trust access policies for corporate applications without VPNs.
- Verified Access now logs extensive user context from trust providers, which makes policy troubleshooting easier
- Enable logging via the console by selecting the OCSF log version and including trust context
- Logs capture user identity, group membership, device security scores, and HTTP request details
- Different trust providers (IAM Identity Center, Okta, CrowdStrike) supply different context information
- Use the detailed context to write fine-grained policies with multiple validation conditions
- The example policy checks group membership, email verification, the device OS score, and the overall device score
The improved logging eliminates manual context gathering from multiple sources, enabling faster policy development and security incident response.
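The troubleshooting workflow the article describes (read the trust context from a log record, then see which policy condition a request fails) is illustrated below with an added example that is not from the original article or from AWS. The log records are constructed, and the field names (`identity.groups`, `identity.email_verified`, `device.os_score`, `device.overall_score`, `http_request`) are simplified assumptions, not the real OCSF schema that Verified Access emits; the real allow/deny decision is made by the Cedar policy, and this script only mirrors the four conditions so that a denied request can be explained from its log line.

```python
import json

# Constructed sample log lines. The shape is a simplified stand-in for the
# trust context Verified Access logs; real OCSF field names differ.
LOG_LINES = [
    json.dumps({
        "identity": {"email": "alice@example.com", "email_verified": True,
                     "groups": ["finance", "staff"]},
        "device": {"os_score": 92, "overall_score": 88},
        "http_request": {"method": "GET", "path": "/reports"},
    }),
    json.dumps({
        "identity": {"email": "bob@example.com", "email_verified": False,
                     "groups": ["finance"]},
        "device": {"os_score": 85, "overall_score": 60},
        "http_request": {"method": "GET", "path": "/reports"},
    }),
    # A record from a trust provider that supplies no device context at all;
    # missing fields must fail closed rather than raise.
    json.dumps({
        "identity": {"email": "carol@example.com", "email_verified": True,
                     "groups": ["staff"]},
        "http_request": {"method": "POST", "path": "/reports"},
    }),
]


def check_conditions(record, required_group="finance",
                     min_os_score=80, min_overall_score=80):
    """Evaluate the four policy conditions against one log record.

    Returns (allowed, failed_condition_names). Any field absent from the
    record counts as a failed condition (fail closed).
    """
    identity = record.get("identity", {})
    device = record.get("device", {})
    checks = {
        "group_membership": required_group in identity.get("groups", []),
        "email_verified": identity.get("email_verified") is True,
        "device_os_score": device.get("os_score", 0) >= min_os_score,
        "device_overall_score": device.get("overall_score", 0) >= min_overall_score,
    }
    failed = [name for name, ok in checks.items() if not ok]
    return (not failed, failed)


def triage(log_lines, **thresholds):
    """Parse each JSON log line and report who was allowed and why not."""
    results = []
    for line in log_lines:
        record = json.loads(line)
        allowed, failed = check_conditions(record, **thresholds)
        results.append((record.get("identity", {}).get("email"), allowed, failed))
    return results


if __name__ == "__main__":
    for email, allowed, failed in triage(LOG_LINES):
        verdict = "ALLOW" if allowed else "DENY (" + ", ".join(failed) + ")"
        print(f"{email}: {verdict}")
```

Running the script over the constructed lines shows alice allowed, bob denied for an unverified email and a low overall device score, and carol denied for group membership plus both device scores because her provider supplied no device context. The thresholds are keyword arguments so the same triage can be re-run with the exact numbers used in the deployed policy.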