- When you have multiple AWS accounts, it is good security practice to direct all CloudTrail logs to a single central logging account, so the audit trail of each account is stored outside the account whose activity it records.
- In the central account, create a bucket to hold the logs.
- Put a bucket policy on that bucket which allows the CloudTrail service to deliver log objects from each of the other accounts into the central S3 bucket.
- The procedure for using a central CloudTrail S3 bucket for multiple AWS accounts is as follows.
Step 1) Let’s assume that your central account is called Centralised Account for logs.
First create a bucket that will hold all of the CloudTrail log files.
Click on AWS Services -> select -> S3
Step 2) Go to the bucket and add a bucket policy.
Open your bucket -> click on Permissions -> Edit bucket policy -> copy and paste the below code, updating the BucketName and Account ID to your own values.
About the bucket policy:
1. It allows the CloudTrail service principal (cloudtrail.amazonaws.com) to read the bucket ACL (s3:GetBucketAcl). CloudTrail checks this before it starts delivering.
2. It allows CloudTrail to add objects (s3:PutObject) to the centralised bucket on behalf of the listed account ID, restricted to that account's own key prefix; add one such entry per member account.
3. The write permission covers only the DemoAccount2/AWSLogs/<account ID>/ key prefix, so the prefix configured on the member account's trail must be DemoAccount2 and the account ID must be that member account's. S3 has no real folders and CloudTrail creates the keys itself, so you do not need to create DemoAccount2 or AWSLogs in advance, but the trail's prefix and the policy's Resource must agree exactly or delivery will be denied.
Step 3) Now log into the other (first/second) account.
Modify the trail's CloudTrail log storage location by:
- Selecting Use existing S3 bucket
- Entering the central trail log bucket name (and the DemoAccount2 prefix that the bucket policy allows)
Now go back to the centralised security bucket in the central account; you will see the other account's log files under its AWSLogs/<account ID>/ prefix.
With the above steps, the CloudTrail logs of multiple accounts are centralised in one bucket.
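As an added worked example (not the policy from the original post, which is not reproduced here), the following Python builds the bucket policy the steps above describe for any number of member accounts, and also audits an existing policy for the mistakes most often found on shared log buckets: an Allow to everyone, PutObject that is not scoped to a per-account AWSLogs prefix, and PutObject without the bucket-owner-full-control ACL condition that CloudTrail delivery requires. The bucket name central-cloudtrail-logs, the account IDs and the DemoAccount2 prefix are constructed placeholders.

```python
import json
import re

# CloudTrail, not the member account's IAM users, is the principal that writes log objects.
CLOUDTRAIL_PRINCIPAL = {"Service": "cloudtrail.amazonaws.com"}


def build_central_trail_bucket_policy(bucket, member_accounts, prefix=""):
    """Build the bucket policy for a central CloudTrail log bucket.

    bucket          - name of the central bucket (in the logging account)
    member_accounts - 12-digit account IDs whose trails may write here
    prefix          - optional log file prefix configured on the trails;
                      CloudTrail writes to <prefix>/AWSLogs/<account>/...
    """
    key_prefix = prefix.strip("/") + "/" if prefix else ""
    put_resources = [
        f"arn:aws:s3:::{bucket}/{key_prefix}AWSLogs/{acct}/*"
        for acct in member_accounts
    ]
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                # CloudTrail reads the bucket ACL before it starts delivering.
                "Sid": "AWSCloudTrailAclCheck",
                "Effect": "Allow",
                "Principal": CLOUDTRAIL_PRINCIPAL,
                "Action": "s3:GetBucketAcl",
                "Resource": f"arn:aws:s3:::{bucket}",
            },
            {
                # Only the CloudTrail service may write, only under each member
                # account's own AWSLogs/<account>/ prefix, and only if it hands
                # ownership of the object to the central (bucket-owning) account.
                "Sid": "AWSCloudTrailWrite",
                "Effect": "Allow",
                "Principal": CLOUDTRAIL_PRINCIPAL,
                "Action": "s3:PutObject",
                "Resource": put_resources,
                "Condition": {
                    "StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}
                },
            },
        ],
    }


def audit_trail_bucket_policy(policy, bucket):
    """Return a list of findings (strings) for a central-log bucket policy."""
    # A PutObject resource is acceptable only if it ends in AWSLogs/<12-digit account>/*
    scoped = re.compile(
        rf"^arn:aws:s3:::{re.escape(bucket)}/(?:[^*]+/)?AWSLogs/\d{{12}}/\*$"
    )
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        principal = stmt.get("Principal")
        if principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*"):
            findings.append(f"{sid}: Allow statement with a public principal")
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if not any(a in ("s3:PutObject", "s3:*", "*") for a in actions):
            continue
        resources = stmt.get("Resource", [])
        resources = [resources] if isinstance(resources, str) else resources
        for res in resources:
            if not scoped.match(res):
                findings.append(f"{sid}: PutObject not scoped to a per-account AWSLogs prefix: {res}")
        acl = stmt.get("Condition", {}).get("StringEquals", {}).get("s3:x-amz-acl")
        if acl != "bucket-owner-full-control":
            findings.append(f"{sid}: PutObject without bucket-owner-full-control ACL condition")
    return findings


if __name__ == "__main__":
    # Constructed sample values: bucket name, account IDs and prefix are placeholders.
    policy = build_central_trail_bucket_policy(
        "central-cloudtrail-logs", ["111111111111", "222222222222"], prefix="DemoAccount2"
    )
    print(json.dumps(policy, indent=2))
    print("findings:", audit_trail_bucket_policy(policy, "central-cloudtrail-logs"))
```

Save the printed JSON to policy.json and apply it in the central account with `aws s3api put-bucket-policy --bucket central-cloudtrail-logs --policy file://policy.json`; the audit function can be run against the output of `aws s3api get-bucket-policy` on any existing log bucket. The per-account Resource path is what stops one member account's trail from writing into another account's prefix; if you want to go further than the post does, AWS additionally recommends an aws:SourceArn condition naming each trail's ARN.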
Please drop a comment if you face any issue at any point; I will try to help as soon as possible.