How to configure "tags on creation" for the AWS Config logs written by AWS Control Tower

Question

Hi, I am searching for best way how to configure "tags on creation" for the AWS Config logs written by AWS Control Tower.

**Situation:**   
* AWS Control Tower is logging all configuration changes. For this a stack set is applied to all member accounts (AWSControlTowerBP-BASELINE-CONFIG-MASTER)
* I do not find a way how to define the set of basic tags that should be added to each log on creation (creation = log gets written in S3 bucket in Logging Account)

**Request:**   
* How can I define such basic tags?
* Important: These basic tags need to be there during creation of the log file because I want to use s3 replication rule for config logs. (from AWS docu: "you must assign the specific tag key and value at the time of creating the object for Amazon S3 to replicate the object. If you first create an object and then add the tag to the existing object, Amazon S3 does not replicate the object.")

Answer

Just an update on this topic: I did lots of investigation and the request is simply not possible in AWS at this time. What did we do? We disabled default CloudTrail from AWS Control Tower to have AWS Config logs separated in default CT bucket. We then configured our own CloudTrail Organizational Trail.

How to configure "tags on creation" for the AWS Config logs written by AWS Control Tower

관련 콘텐츠