Hello.
"aws-controltower-logs- aws-controltower-s3-access-logs-" is a bucket for saving S3 access logs of the bucket where CloudTrail and Config logs are aggregated, so VPC flow logs cannot be saved.
In order to centrally manage VPC flow logs, application logs, etc., you will need to configure cross-account output settings separately.
https://docs.aws.amazon.com/controltower/latest/userguide/accounts.html
This account contains a central Amazon S3 bucket for storing a copy of all AWS CloudTrail and AWS Config log files for all other accounts in your landing zone. As a best practice, we recommend restricting log archive account access to teams responsible for compliance and investigations, and their related security or audit tools. This account can be used for automated security audits, or to host custom AWS Config Rules, such as Lambda functions, to perform remediation actions.
To output logs that were sent to CloudWatch Logs to S3 in a separate account, the settings in the following document may be helpful.
https://repost.aws/knowledge-center/kinesis-firehose-cloudwatch-logs
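
The following is an added example, not part of the answer above and not AWS's own code. VPC flow logs can also be published directly to an S3 bucket in another account, and this sketch builds the bucket policy for a dedicated central bucket that accepts deliveries only from named member accounts, plus a check for service-principal statements that lack that scoping. The bucket name, region and account IDs are constructed placeholders, and the function names are hypothetical.

```python
import json
import re

LOG_DELIVERY = "delivery.logs.amazonaws.com"  # service principal that writes flow logs

def flow_log_bucket_policy(bucket, region, source_accounts):
    """Policy for a central bucket that accepts flow logs only from the given accounts."""
    accounts = sorted(set(source_accounts))
    for acct in accounts:
        if not re.fullmatch(r"\d{12}", acct):
            raise ValueError(f"not a 12-digit account ID: {acct!r}")
    # Confused-deputy guard: the service may act only on behalf of these accounts.
    scope = {
        "StringEquals": {"aws:SourceAccount": accounts},
        "ArnLike": {"aws:SourceArn": [f"arn:aws:logs:{region}:{a}:*" for a in accounts]},
    }
    write_cond = {
        "StringEquals": {**scope["StringEquals"], "s3:x-amz-acl": "bucket-owner-full-control"},
        "ArnLike": scope["ArnLike"],
    }
    principal = {"Service": LOG_DELIVERY}
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "AWSLogDeliveryWrite", "Effect": "Allow", "Principal": principal,
             "Action": "s3:PutObject",
             "Resource": [f"arn:aws:s3:::{bucket}/AWSLogs/{a}/*" for a in accounts],
             "Condition": write_cond},
            {"Sid": "AWSLogDeliveryAclCheck", "Effect": "Allow", "Principal": principal,
             "Action": "s3:GetBucketAcl",
             "Resource": f"arn:aws:s3:::{bucket}",
             "Condition": scope},
        ],
    }

def unscoped_statements(policy):
    """Sids of service-principal Allow statements with no aws:SourceAccount condition."""
    found = []
    for stmt in policy["Statement"]:
        is_service = isinstance(stmt.get("Principal"), dict) and "Service" in stmt["Principal"]
        scoped = "aws:SourceAccount" in stmt.get("Condition", {}).get("StringEquals", {})
        if stmt.get("Effect") == "Allow" and is_service and not scoped:
            found.append(stmt.get("Sid", "<no Sid>"))
    return found

if __name__ == "__main__":
    # Constructed sample values: bucket name, region and account IDs are placeholders.
    policy = flow_log_bucket_policy("example-central-flow-logs", "us-east-1",
                                    ["111111111111", "222222222222"])
    print(json.dumps(policy, indent=2))
    print("unscoped:", unscoped_statements(policy))
```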