- 최신
- 최다 투표
- 가장 많은 댓글
Control Tower generated CloudTrail by default logs management events and pushes logs to CloudWatch logs and S3 bucket.
AWS Control Tower is integrated with AWS CloudTrail, a service that provides a record of actions taken by a user, role, or an AWS service in AWS Control Tower. CloudTrail captures actions for AWS Control Tower as events. If you create a trail, you can enable continuous delivery of CloudTrail events to an Amazon S3 bucket, including events for AWS Control Tower.
CloudTrail is enabled on your AWS account when you create the account.
For organizations trail, it depends on what you enable on the trail but the trail is created in linked accounts in the organization as well. Unless you have any specific use case for having two same trails, it is best to keep the control tower trail to optimize cost. When you have multiple trails on an account, you incur costs for any additional copies of events delivered. This blog post talks about integrating existing CloudTrail configurations with control tower.
Just side note: since Control Tower v3 (July 2022) Organizational Trail is and option for Control Tower https://aws.amazon.com/about-aws/whats-new/2022/07/aws-control-tower-adopts-aws-cloudtrail-organization-logging/
관련 콘텐츠
AWS 공식업데이트됨 2년 전
