AWS Control Tower Guardrails and AWS Config Rules: Control Tower uses AWS Config for guardrails, but they don't show up as regular AWS Config rules. They are managed by Control Tower itself.
Purpose of the Audit Account: The Audit Account is used to grant read-only access for auditing purposes. Security services can be hosted in a separate account, and the Audit Account can be granted read-only access to them.
Programmatic Access for Security Services Account: Yes, the account hosting centralized security services like AWS Config Aggregator and Security Hub should have programmatic access to other accounts to collect and analyze data.
Log Archive Account: By default, the Log Archive Account collects CloudTrail logs. If you want to centralize other logs like DNS or VPC logs, you need to set up forwarding from the Audit Account to the Log Archive Account. This ensures that all logs are in one place for analysis and long-term storage.
On your last point: if the Audit Account is hosting the AWS Config aggregator but I still want to centralize AWS Config logs to S3 in the archive account, is it possible to send Config aggregator logs to S3 in another account?