Auditing and Logging Admin Sessions
Record every command an operator runs for accountability.
Accountability for Admins
Granting administrative access is only half the job; you must also record what administrators do. Session Manager provides rich logging so every command and session is accountable. The SCS-C02 exam stresses this auditability as a core advantage over SSH, where command-level logging is hard to centralize.
Two Layers of Logging
Session Manager logging has two layers: API-level logging of who started and stopped sessions, captured by CloudTrail, and session-content logging of the actual keystrokes and output, sent to CloudWatch Logs or S3. Together they answer both "who connected" and "what did they do."
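The two layers can be joined during an audit to find sessions that CloudTrail recorded but that have no content log. The following is an added example, not part of the original lesson; the events, account ID, role and session IDs are constructed, and it assumes each content log stream is named after its session ID.

```python
# Constructed sample data; field names follow the CloudTrail record format.
def ev(time, name, arn, req, resp=None):
    return {"eventTime": time, "eventSource": "ssm.amazonaws.com",
            "eventName": name, "userIdentity": {"arn": arn},
            "requestParameters": req, "responseElements": resp}

ROLE = "arn:aws:sts::111122223333:assumed-role/Ops/"  # placeholder account and role
CLOUDTRAIL_EVENTS = [
    ev("2024-05-01T10:00:00Z", "StartSession", ROLE + "alice",
       {"target": "i-0123456789abcdef0"}, {"sessionId": "alice-0a1b2c3d4e5f67890"}),
    ev("2024-05-01T10:05:00Z", "StartSession", ROLE + "carol",
       {"target": "i-0123456789abcdef0"}),  # denied: no session was created
    ev("2024-05-01T10:20:00Z", "TerminateSession", ROLE + "alice",
       {"sessionId": "alice-0a1b2c3d4e5f67890"}),
    ev("2024-05-01T11:00:00Z", "StartSession", ROLE + "bob",
       {"target": "i-0fedcba9876543210"}, {"sessionId": "bob-0f9e8d7c6b5a43210"}),
]
# Layer 2: names of content log streams found in CloudWatch Logs (constructed).
# Assumption: each stream is named after the session ID it records.
CONTENT_LOG_STREAMS = {"alice-0a1b2c3d4e5f67890"}

def correlate(events, log_streams):
    """Join layer 1 (who connected) with layer 2 (is there a transcript)."""
    sessions = {}
    for e in sorted(events, key=lambda x: x["eventTime"]):
        if e.get("eventSource") != "ssm.amazonaws.com":
            continue
        if e["eventName"] == "StartSession":
            sid = (e.get("responseElements") or {}).get("sessionId")
            if sid is None:  # failed or denied start, nothing to audit
                continue
            sessions[sid] = {"principal": e["userIdentity"]["arn"],
                             "target": e["requestParameters"]["target"],
                             "started": e["eventTime"], "ended": None,
                             "has_content_log": sid in log_streams}
        elif e["eventName"] == "TerminateSession":
            sid = e["requestParameters"]["sessionId"]
            if sid in sessions:
                sessions[sid]["ended"] = e["eventTime"]
    return sessions

def unlogged(sessions):
    """Sessions CloudTrail saw but for which no content log exists."""
    return sorted(s for s, v in sessions.items() if not v["has_content_log"])

if __name__ == "__main__":
    result = correlate(CLOUDTRAIL_EVENTS, CONTENT_LOG_STREAMS)
    for sid, s in result.items():
        print(sid, s["principal"], s["target"], s["started"], s["ended"])
    print("no content log:", unlogged(result))
```

A session that appears in `unlogged` answers "who connected" but not "what did they do", which usually means content logging was not configured when the session ran.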