AWS Backup Audit Manager

Question

We have an aws organization level setup and assigned a log account in security OU as delegated administrator for AWS backup service and enabled the cross account monitoring from management account. Now,  I want to know whether log account ( delegated administrator) would able to create centralized backup audit report across all the accounts in your organization and store the report in S3.

Accepted Answer

No, log account (delegated administrator) cannot receive backup audit report across all the accounts in your organization.
You can only send the across all the accounts in your organization to an S3 bucket in your management account
"All account holders can create cross-Region reports; management account holders can also create cross-account reports."
https://docs.aws.amazon.com/aws-backup/latest/devguide/working-with-audit-reports.html

If you are using a management account, you can specify which accounts you want to include in this report plan. You can select Only my account, which will generate reports on just the account to which you’re currently logged in. Or, you can select One or more accounts in my organization (only available to management accounts).
https://docs.aws.amazon.com/aws-backup/latest/devguide/create-report-plan-console.html

AWS Backup Audit Manager

Relevanter Inhalt