1回答
- 新しい順
- 投票が多い順
- コメントが多い順
1
Hello Indeed, achieving this theatrically is feasible, but it entails deploying a lambda function in each account to send data to a central S3 bucket or EventBridge. However, this approach introduces the challenge of managing multiple lambdas (x N), necessitating the use of stack sets or similar mechanisms. These tools typically require access either to a management account or delegated admin permissions any way.
One potential adjustment is to enhance the account collector lambda of existing solution to return a static list of accounts, ensuring it operates without needing access to the Organization Account.
You will need to
- deploy permissions in each linked account -> https://github.com/awslabs/cid-framework/blob/main/data-collection/deploy/deploy-in-linked-account.yaml
- Deploy data collection stack as per doc specifying the current linked account as Management account
- Modify account_collection lambda to use this example : https://github.com/awslabs/cid-framework/blob/main/data-collection/deploy/account-collector.yaml#L145
def dummy_iterate_linked_accounts():
# use this function if you have no access to payer or delegated admin at all
hardcoded_accounts = [
{'account_id': '111222333444', 'account_name': 'replaceme', 'payer_id': '666777888999'},
{'account_id': '555666777888', 'account_name': 'replaceme', 'payer_id': '666777888999'},
]
for account_data in hardcoded_accounts:
yield {"account": json.dumps(account_data)}
- Run State Machine for data collection of Trusted Advisor
関連するコンテンツ
- 質問済み 3ヶ月前
AWS公式更新しました 2年前- AWS公式更新しました 4年前
- AWS公式更新しました 4年前
- AWS公式更新しました 10ヶ月前
I have managed to get it working successfully. thanks for providing very detailed instructions.