---
title: AWS Verified Access
description: >-
  Secure application access without the need for a virtual private network
  (VPN).
breadcrumbs: Docs > Integrations > AWS Verified Access
---

# AWS Verified Access

## Overview{% #overview %}

With AWS Verified Access, you can provide secure access to your corporate applications without requiring the use of a virtual private network (VPN). Verified Access evaluates each application request and helps ensure that users can access each application only when they meet the specified security requirements.

## Setup{% #setup %}

### Installation{% #installation %}

If you haven't already, set up the [Amazon Web Services integration](https://docs.datadoghq.com/integrations/amazon_web_services/) first.

### Log collection{% #log-collection %}

#### Enable Verified Access logs{% #enable-verified-access-logs %}

1. Open the Amazon VPC console
1. In the navigation pane, choose **Verified Access instances**.
1. Select the Verified Acccess instance.
1. On the Verified Access instance logging configuration tab, choose **Modify Verified Access instance logging configuration**
1. Turn on **Deliver to Amazon Cloudwatch Logs**. Choose the destination log group.

**Note**: Include the string `verified-access` in the log group name to enable automatic log parsing.

For more information, see [Enable Verified Access logs](https://docs.aws.amazon.com/verified-access/latest/ug/access-logs-enable.html).

#### Send logs to Datadog{% #send-logs-to-datadog %}

**Note**: If you are using Datadog's [Amazon Security Lake integration](https://docs.datadoghq.com/integrations/amazon_security_lake/), you can send Verified Access logs through that integration instead of following the steps below.

1. If you haven't already, set up the [Datadog Forwarder Lambda function](https://docs.datadoghq.com/logs/guide/forwarder/) in your AWS account.
1. Once set up, go to the Datadog Forwarder Lambda function. In the Function Overview section, click **Add Trigger**.
1. Select the **CloudWatch Logs** trigger for the Trigger Configuration.
1. Select the log group that contains your Verified Access logs.
1. Add a Filter Name.
1. Click **Add** to add the trigger to your Lambda.

Go to the [Log Explorer](https://app.datadoghq.com/logs) to start exploring your logs.

For more information on collecting AWS Services logs, see [Send AWS Services Logs with the Datadog Lambda function](https://docs.datadoghq.com/logs/guide/send-aws-services-logs-with-the-datadog-lambda-function/).

## Data collected{% #data-collected %}

### Metrics{% #metrics %}

The AWS Verified Access integration does not include any metric collection.

### Events{% #events %}

The AWS Verified Access integration does not include any events.

### Logs{% #logs %}

The AWS Verified Access integration includes [Verified Access logs](https://docs.aws.amazon.com/verified-access/latest/ug/access-logs.html).

### Service Checks{% #service-checks %}

The AWS Verified Access integration does not include any service checks.

## Troubleshooting{% #troubleshooting %}

Need help? Contact [Datadog support](https://docs.datadoghq.com/help/).

## Further Reading{% #further-reading %}

- [Enhance corporate application security with AWS Verified Access and Datadog](https://www.datadoghq.com/blog/verified-access-datadog/)