How to use CloudWatch after Control Tower version 3.0 update

0

We have a multi-account setup where we deployed an organizational-level CloudTrail in our root account's Control Tower.

For the newest version of Control Tower (3.0), AWS introduced organization-level CloudTrail. This service deploys a baseline CloudTrail in each of our respective accounts and gives them the ability to send logs to a central CloudWatch location in our root account and to a central S3 location in our logging account.

We have concerns regarding providing access to the root account just to be able to view the centralized CloudWatch logs.

I have tried setting up Athena in our Logging account so that our team can view the logs in our logging bucket, but that feels like I'm taking an unnecessary detour.

What is the best way to still be able to access the root account's CloudWatch logs without having to be in the root account?

Any advice would be appreciated!

Thanks in advance!

1 answer
0

Instead of using the root account (management account), you can add a delegated administrator to manage an organization's CloudTrail resources.

For more details, please refer to the documentation at: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-add-delegated-administrator.html

AWS
answered a year ago
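The delegation the answer above recommends, written out as a POSIX shell script. This is an added example, not code from the original post or from AWS; the commands are the documented AWS CLI calls, run with management-account credentials, and `DELEGATED_ADMIN_ACCOUNT_ID` is a placeholder for the member account (for instance the Log Archive or Audit account) that should administer the organization trail. The script only defines functions unless `APPLY_DELEGATION=1` is set, so it can be reviewed or sourced without side effects.

```shell
#!/bin/sh
# Added example: delegate CloudTrail administration to a member account so
# that nobody needs to sign in to the management (root) account to manage
# the organization trail. Assumptions (placeholders, not from the post):
#   DELEGATED_ADMIN_ACCOUNT_ID - 12-digit id of the member account that
#                                should become the CloudTrail delegated admin.
# Every aws command here must run with management-account credentials.

SERVICE_PRINCIPAL="cloudtrail.amazonaws.com"

# Reject anything that is not a 12-digit AWS account id before handing it
# to the API: a typo here would delegate trail administration elsewhere.
valid_account_id() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -eq 12 ]
}

# Step 1: let CloudTrail act on the organization's behalf (idempotent).
enable_cloudtrail_org_access() {
    aws organizations enable-aws-service-access \
        --service-principal "$SERVICE_PRINCIPAL"
}

# Step 2: register the member account as CloudTrail delegated administrator.
register_delegated_admin() {
    valid_account_id "$1" || { echo "invalid account id: $1" >&2; return 1; }
    aws cloudtrail register-organization-delegated-admin \
        --member-account-id "$1"
}

# Step 3: confirm from the management account which accounts are delegated.
list_delegated_admins() {
    aws organizations list-delegated-administrators \
        --service-principal "$SERVICE_PRINCIPAL" \
        --query 'DelegatedAdministrators[].Id' --output text
}

# Only act when explicitly asked, so sourcing this file has no side effects.
if [ "${APPLY_DELEGATION:-0}" = "1" ]; then
    enable_cloudtrail_org_access
    register_delegated_admin "${DELEGATED_ADMIN_ACCOUNT_ID:?set to a 12-digit account id}"
    list_delegated_admins
fi
```

After step 3 lists the member account, your team can create and manage the organization trail from that account; the root account is no longer part of the daily workflow, which addresses the access concern raised in the question.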
