more details needed about terminated AWS account

0

I want to know who closed my account but it is post 90 days of closure now, and seems to be terminated. However, I would like to know when the account was first closed and who closed it as it comes under organization.

asked a year ago · 222 views
2 Answers
0

You can find the "CloseAccount" event in the CloudTrail of the Organizations management account.
When checking CloudTrail events, please check "us-east-1".
The following images are in Japanese, but were confirmed by my console.
[Image: closeaccount]

EXPERT
answered a year ago
0

Hi, CloudTrail captures all API calls for AWS Organizations as events, including CloseAccount, with the following user identity information in the log entry:

  • Whether the request was made with root user or IAM user credentials
  • Whether the request was made with temporary security credentials for an IAM role or a federated user
  • Whether the request was made by another AWS service

However, CloudTrail will only show the results of the CloudTrail Event History for the last 90 days, so you must have configured a CloudTrail trail to enable continuous delivery of CloudTrail events to an Amazon S3 bucket, or you won't be able to see them. Did you already have it configured?

If so, then you can use Amazon Athena to query data in S3. This is an example of a CloseAccount log entry, extracted from the AWS documentation, which can serve as a reference.

{
    "eventVersion": "1.08",
    "userIdentity": {
        "type": "IAMUser",
        "principalId": "AIDAMVNPBQA3EXAMPLE:my-admin-role",
        "arn": "arn:aws:sts::111122223333:assumed-role/my-admin-role/my-session-id",
        "accountId": "111122223333",
        "accessKeyId": "AKIAIOSFODNN7EXAMPLE",
        "sessionContext": {
            "sessionIssuer": {
                "type": "Role",
                "principalId": "AIDAMVNPBQA3EXAMPLE",
                "arn": "arn:aws:iam::111122223333:role/my-admin-role",
                "accountId": "111122223333",
                "userName": "my-session-id"
            },
            "webIdFederationData": {},
            "attributes": {
                "mfaAuthenticated": "false",
                "creationDate": "2022-03-18T18:17:06Z"
            }
        }
    },
    "eventTime": "2022-03-18T18:17:06Z",
    "eventSource": "organizations.amazonaws.com",
    "eventName": "CloseAccount",
    "awsRegion": "us-east-1",
    "sourceIPAddress": "192.168.0.1",
    "userAgent":  "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)...",
    "requestParameters": {
        "accountId": "555555555555"
    },
    "responseElements": null,
    "requestID": "e28932f8-d5da-4d7a-8238-ef74f3d5c09a",
    "eventID": "19fe4c10-f57e-4cb7-a2bc-6b5c30233592",
    "readOnly": false,
    "eventType": "AwsApiCall",
    "managementEvent": true,
    "recipientAccountId": "111122223333",
    "eventCategory": "Management"
}
EXPERT
answered a year ago
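
For a trail that was delivering to S3, the who/when question from the answers above can also be answered offline. This is an added example, not code from either answer or from AWS: it assumes the trail's log objects have already been copied to local files, and the function names and sample records are constructed for illustration.

```python
import gzip, json, sys
from pathlib import Path

def load_records(path):
    """Read one delivered CloudTrail log object: {"Records": [...]}, usually gzip."""
    raw = Path(path).read_bytes()
    if raw[:2] == b"\x1f\x8b":  # gzip magic bytes; S3 delivery compresses objects
        raw = gzip.decompress(raw)
    return json.loads(raw).get("Records", [])

def close_account_events(records):
    """Yield who/when/what for every Organizations CloseAccount call."""
    for r in records:
        if (r.get("eventSource"), r.get("eventName")) != ("organizations.amazonaws.com", "CloseAccount"):
            continue
        ident = r.get("userIdentity") or {}
        ctx = ident.get("sessionContext") or {}
        yield {
            "time": r.get("eventTime"),
            "closed_account": (r.get("requestParameters") or {}).get("accountId"),
            "caller_type": ident.get("type"),
            "caller_arn": ident.get("arn"),
            "role_arn": (ctx.get("sessionIssuer") or {}).get("arn"),
            "mfa": (ctx.get("attributes") or {}).get("mfaAuthenticated"),
            "source_ip": r.get("sourceIPAddress"),
            "error": r.get("errorCode"),  # present only when the call was rejected
        }

def first_closure(events, account_id):
    """Earliest successful CloseAccount for account_id, or None if there is none."""
    hits = [e for e in events if e["closed_account"] == account_id and not e["error"]]
    return min(hits, key=lambda e: e["time"], default=None)  # ISO 8601 UTC sorts as text

# Constructed sample records, modelled on the log entry quoted above.
SAMPLE = [
    {"eventSource": "organizations.amazonaws.com", "eventName": "DescribeAccount", "eventTime": "2022-03-18T18:00:00Z"},
    {"eventSource": "organizations.amazonaws.com", "eventName": "CloseAccount",
     "eventTime": "2022-03-18T18:10:41Z", "errorCode": "AccessDeniedException",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/example-user"},
     "sourceIPAddress": "192.168.0.1", "requestParameters": {"accountId": "555555555555"}},
    {"eventSource": "organizations.amazonaws.com", "eventName": "CloseAccount",
     "eventTime": "2022-03-18T18:17:06Z", "sourceIPAddress": "192.168.0.1",
     "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::111122223333:assumed-role/my-admin-role/my-session-id",
                      "sessionContext": {"sessionIssuer": {"arn": "arn:aws:iam::111122223333:role/my-admin-role"},
                                         "attributes": {"mfaAuthenticated": "false"}}},
     "requestParameters": {"accountId": "555555555555"}, "responseElements": None},
]
if __name__ == "__main__":  # usage: script.py <closed-account-id> <log files...>
    events = [e for p in sys.argv[2:] for e in close_account_events(load_records(p))]
    print(json.dumps(first_closure(events, sys.argv[1]), indent=2))
```

Rejected attempts are kept in the event list but excluded from `first_closure`, so a denied call that precedes the real closure is not mistaken for it.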