Educause Security Discussion mailing list archives

Amazon Web Services - Can you log the infrastructure?


From: Karl Bernard <karl.bernard () GMAIL COM>
Date: Wed, 20 Feb 2013 10:33:59 -0600

We (IT Security) have been asked to work on a project to do a POC setup of
an AWS Virtual Private Cloud (VPC) that will in turn be IPsec tunneled back
to our infrastructure using a Cisco ISA. We're slowly working our way
through that part, but my biggest question is that when I was looking at
the AWS management console, I couldn't find any activity logs for who's
logged into the management console and what changes have been made. Does
anyone know if this is available, or where I can find it if I've overlooked
it? Ideally, we would like to see those logs come back to our 'real'
network via syslog through the VPN tunnel, or via some kind of secure log
streaming from AWS itself.

Related to this - has anyone set up a HIPAA-compliant VPC with AWS or with
any other cloud infrastructure vendors?

Thanks for your input,

Karl Bernard
Senior Information Security Analyst
UTHealth, Academic Health Center at Houston
