Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post

more details needed about terminated AWS account

0

I want to know who closed my account but it is post 90 days of closure now, and seems to be terminated. However, I would like to know when the acccount was first closed and who closed it as it comes under organization.

Argomenti
Gestione e amministrazione
Tag
Organizzazioni AWSGestore account AWS
Lingua
English
priromauld
posta un anno fa222 visualizzazioni
2 Risposte
0

You can find the "CloseAccount" event in the CloudTrail of the Organizations management account.
When checking CloudTrail events, please check "us-east-1".
The following images are in Japanese, but were confirmed by my console.
closeaccount

profile picture
ESPERTO
Riku_Kobayashi
con risposta un anno fa
0

Hi, CloudTrail captures all API calls for AWS Organizations as events, including CloseAccount, with the following user identity information in the log entry:

  • Whether the request was made with root user or IAM user credentials
  • Whether the request was made with temporary security credentials for an IAM role or a federated user
  • Whether the request was made by another AWS service

However, CloudTrail will only show the results of the CloudTrail Event History for the last 90 days, so you must have configured a CloudTrail trail to enable continuous delivery of CloudTrail events to an Amazon S3 bucket, or you won't be able to see them. Did you already have it configured?

If so, then you can use Amazon Athena to query data in S3. This is an example of CloseAccount log entry, extracted from the AWS documentation, which can serve as a reference.

{
    "eventVersion": "1.08",
    "userIdentity": {
        "type": "IAMUser",
        "principalId": "AIDAMVNPBQA3EXAMPLE:my-admin-role",
        "arn": "arn:aws:sts::111122223333:assumed-role/my-admin-role/my-session-id",
        "accountId": "111122223333",
        "accessKeyId": "AKIAIOSFODNN7EXAMPLE",
        "sessionContext": {
            "sessionIssuer": {
                "type": "Role",
                "principalId": "AIDAMVNPBQA3EXAMPLE",
                "arn": "arn:aws:iam::111122223333:role/my-admin-role",
                "accountId": "111122223333",
                "userName": "my-session-id"
            },
            "webIdFederationData": {},
            "attributes": {
                "mfaAuthenticated": "false",
                "creationDate": "2022-03-18T18:17:06Z"
            }
        }
    },
    "eventTime": "2022-03-18T18:17:06Z",
    "eventSource": "organizations.amazonaws.com",
    "eventName": "CloseAccount",
    "awsRegion": "us-east-1",
    "sourceIPAddress": "192.168.0.1",
    "userAgent":  "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)...",
    "requestParameters": {
        "accountId": "555555555555"
    },
    "responseElements": null,
    "requestID": "e28932f8-d5da-4d7a-8238-ef74f3d5c09a",
    "eventID": "19fe4c10-f57e-4cb7-a2bc-6b5c30233592",
    "readOnly": false,
    "eventType": "AwsApiCall",
    "managementEvent": true,
    "recipientAccountId": "111122223333",
    "eventCategory": "Management"
}
profile picture
ESPERTO
Mikel Del Tio
con risposta un anno fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande

Contenuto pertinente