How to configure "tags on creation" for the AWS Config logs written by AWS Control Tower

0

Hi, I am searching for the best way to configure "tags on creation" for the AWS Config logs written by AWS Control Tower.

Situation:

  • AWS Control Tower is logging all configuration changes. For this, a stack set is applied to all member accounts (AWSControlTowerBP-BASELINE-CONFIG-MASTER)
  • I do not find a way to define the set of basic tags that should be added to each log on creation (creation = log gets written to the S3 bucket in the Logging Account)

Request:

  • How can I define such basic tags?
  • Important: These basic tags need to be there during creation of the log file because I want to use an S3 replication rule for config logs. (From AWS docu: "you must assign the specific tag key and value at the time of creating the object for Amazon S3 to replicate the object. If you first create an object and then add the tag to the existing object, Amazon S3 does not replicate the object.")
Andre
asked 7 months ago · 256 views
1 Answer
0

Just an update on this topic: I did lots of investigation and the request is simply not possible in AWS at this time. What did we do? We disabled the default CloudTrail from AWS Control Tower to have AWS Config logs separated in the default CT bucket. We then configured our own CloudTrail Organizational Trail.

Andre
answered 7 months ago
