Multiple CloudTrail logs into a centralized CloudWatch Logs account

0

How do I go about getting multiple CloudTrail trails into a single logging account in CloudWatch? I was thinking maybe Kinesis with a CW subscription filter? Or is there another way?

5 Answers
0

While there are many ways to achieve this, one approach is well documented here - https://aws.amazon.com/solutions/implementations/centralized-logging/.

answered a year ago
AWS
EXPERT
kentrad
verified a year ago
0

Are you interested in combining multiple CloudTrail trails with CloudWatch Logs in a single logging account? If yes, then the above post is a solution. Otherwise, if you just want to consolidate all your CloudTrail trails in a single location (single account), then I'd recommend looking at CloudTrail Lake, a managed data lake that lets organizations aggregate, immutably store, and query events recorded by CloudTrail. It does not require you to create any other CloudTrail trails, S3 buckets, use Athena to log and query events, or create data pipelines to move your CloudTrail events to a central location.

The key component of a CloudTrail Lake is an event data store. Once set up, you may immediately query CloudTrail events in the event data store (or multiple event data stores) using SQL-based queries with the built-in Query editor. Also, as with CloudTrail trails, you may choose to log management and/or data events in an event data store with further selection of sources for data events (so that you may log only desired data and optimize costs). You may also copy existing CloudTrail trails into an event data store.

With CloudTrail Lake and AWS Organizations, you may enable CloudTrail event logging across all member accounts in one or more regions to a single account (management account or delegated account like a Security account).

AWS
gsatur
answered a year ago
0

Yes, it would be all the CloudTrail trails from sub-accounts into one account's CloudWatch. So, looking at the link, it looks like the subscription filter would be the way to go?

The environment is for a landing zone accelerator deployment.

answered a year ago
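The subscription-filter design the question refers to has three policy documents in the central account (the trust and permissions policies of the role CloudWatch Logs assumes to write into Kinesis, and the access policy of the CloudWatch Logs destination) plus one subscription filter per CloudTrail log group in each member account. The Python below, added here as an example and not code from this thread or from AWS, builds those documents, emits the parameters for the member-account subscription filter, and checks a destination policy for the common mistake of allowing `logs:PutSubscriptionFilter` to any principal without an organization or account condition. All account IDs, the organization ID, the region, and the stream, role and destination names are constructed placeholders.

```python
"""Added example, not from the re:Post thread or from AWS sample code.
All identifiers below are constructed placeholders."""
import json

CENTRAL_ACCOUNT = "111111111111"   # placeholder: central logging account
REGION = "us-east-1"               # placeholder region
ORG_ID = "o-exampleorgid"          # placeholder AWS Organizations ID
DESTINATION_NAME = "CentralCloudTrailDestination"   # placeholder
STREAM_NAME = "central-cloudtrail-stream"           # placeholder
SUBSCRIBE_ACTION = "logs:PutSubscriptionFilter"


def kinesis_stream_arn():
    return f"arn:aws:kinesis:{REGION}:{CENTRAL_ACCOUNT}:stream/{STREAM_NAME}"


def destination_arn():
    return f"arn:aws:logs:{REGION}:{CENTRAL_ACCOUNT}:destination:{DESTINATION_NAME}"


def cwl_trust_policy():
    """Trust policy of the role CloudWatch Logs assumes to write into Kinesis.
    The aws:SourceArn condition keeps another account's log resources from
    using this role through the Logs service (confused-deputy guard)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "logs.amazonaws.com"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringLike": {
                "aws:SourceArn": f"arn:aws:logs:{REGION}:{CENTRAL_ACCOUNT}:*"}},
        }],
    }


def cwl_role_permissions():
    """Permissions policy for that role: PutRecord on one stream only."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": "kinesis:PutRecord",
            "Resource": kinesis_stream_arn(),
        }],
    }


def destination_access_policy(org_id=ORG_ID):
    """Destination policy: the wildcard principal is required for cross-account
    subscriptions, so the aws:PrincipalOrgID condition is what limits who may
    attach a filter to this destination."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowOrgMembersToSubscribe",
            "Effect": "Allow",
            "Principal": {"AWS": "*"},
            "Action": SUBSCRIBE_ACTION,
            "Resource": destination_arn(),
            "Condition": {"StringEquals": {"aws:PrincipalOrgID": org_id}},
        }],
    }


def open_subscribe_statements(policy):
    """Return the Sids of Allow statements that grant PutSubscriptionFilter to
    a wildcard principal with no org/account restriction. Such a destination
    accepts log data from arbitrary AWS accounts into the central stream."""
    offenders = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if not any(a in (SUBSCRIBE_ACTION, "logs:*", "*") for a in actions):
            continue
        principal = stmt.get("Principal")
        wildcard = principal == "*" or (
            isinstance(principal, dict) and principal.get("AWS") == "*")
        cond = json.dumps(stmt.get("Condition", {}))
        restricted = "aws:PrincipalOrgID" in cond or "aws:PrincipalAccount" in cond
        if wildcard and not restricted:
            offenders.append(stmt.get("Sid", "<no Sid>"))
    return offenders


def member_subscription_filter(log_group_name):
    """Keyword arguments for logs.put_subscription_filter in a member account.
    No roleArn is passed: for a cross-account destination the destination's
    own role carries the permissions. An empty filterPattern forwards every
    CloudTrail event in the log group."""
    return {
        "logGroupName": log_group_name,
        "filterName": "ToCentralLogging",
        "filterPattern": "",
        "destinationArn": destination_arn(),
    }


if __name__ == "__main__":
    for name, doc in (("trust", cwl_trust_policy()),
                      ("role", cwl_role_permissions()),
                      ("destination", destination_access_policy())):
        print(f"--- {name} policy ---\n{json.dumps(doc, indent=2)}")
    print(member_subscription_filter("CloudTrail/DefaultLogGroup"))
    print("open statements:", open_subscribe_statements(destination_access_policy()))
```

Apply the documents in order: create the Kinesis stream and the role in the central account, create the destination with `put-destination` and attach the access policy with `put-destination-policy`, then run `put-subscription-filter` in each member account against the CloudTrail log group. Running `open_subscribe_statements` over an existing destination policy (fetched with `describe-destinations`) is a cheap periodic check that the org condition has not been dropped.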
0

If the sub-accounts are under the same Org, I could configure an Org CloudTrail trail, but then would I be able to send all those logs into CloudWatch in another account?

answered a year ago
0

Delegated administration of CloudTrail to the destination member account in the AWS Organization should help. Refer to https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-delegated-administrator.html

AWS
gsatur
answered a year ago