1 Answer
0
- In this post, we demonstrate how to automate and consolidate IAM credential reports for your AWS accounts using a scalable infrastructure as code (IaC) automation created through AWS CloudFormation. With this process, you can generate and download credential reports that list all of your IAM users and the status of their credentials, including passwords, access keys, and multifactor-authentication devices. https://aws.amazon.com/blogs/infrastructure-and-automation/automate-iam-credential-reports-at-scale-across-aws/
- You can use Organizational Backup policies and Backup Audit Manager https://aws.amazon.com/blogs/storage/automate-the-delivery-of-aws-backup-audit-manager-report-via-email/
- Depends on what types of logs you need. You can use managed Config Rules to check if logging is enabled, store the results in S3, and after that parse them and generate the final report via Lambda: https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html
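
The parsing step from point 3 of the answer above, as an added example (not part of the original answer and not AWS's code): a function a Lambda could run over Config evaluation results to produce a per-account summary and a CSV of findings. It assumes the records have the shape of the `AggregateEvaluationResults` items returned by the Config aggregator API, and that the managed rules are deployed under their default names; the account IDs and resource IDs are constructed sample data.

```python
import csv
import io
from collections import defaultdict

# Assumption: logging-related managed rules deployed under their default names.
LOGGING_RULES = {"cloudtrail-enabled", "s3-bucket-logging-enabled", "vpc-flow-logs-enabled"}

def _rec(account, region, rule, rtype, rid, status):
    """Build one constructed record shaped like an AggregateEvaluationResults item."""
    return {"AccountId": account, "AwsRegion": region, "ComplianceType": status,
            "EvaluationResultIdentifier": {"EvaluationResultQualifier": {
                "ConfigRuleName": rule, "ResourceType": rtype, "ResourceId": rid}}}

# Constructed sample input; in a Lambda these would be read from the S3 objects
# or fetched from the Config aggregator.
SAMPLE = [
    _rec("111111111111", "eu-west-1", "s3-bucket-logging-enabled",
         "AWS::S3::Bucket", "example-bucket-a", "NON_COMPLIANT"),
    _rec("111111111111", "eu-west-1", "cloudtrail-enabled",
         "AWS::::Account", "111111111111", "COMPLIANT"),
    _rec("222222222222", "us-east-1", "vpc-flow-logs-enabled",
         "AWS::EC2::VPC", "vpc-0example", "INSUFFICIENT_DATA"),
    _rec("222222222222", "us-east-1", "restricted-ssh",
         "AWS::EC2::SecurityGroup", "sg-0example", "NON_COMPLIANT"),  # not a logging rule
]

def build_report(results, rules=LOGGING_RULES):
    """Return (summary, csv_text): per-account status counts and a CSV of open findings."""
    summary = defaultdict(lambda: defaultdict(int))
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["account", "region", "rule", "resource_type", "resource_id", "status"])
    for r in results:
        q = r["EvaluationResultIdentifier"]["EvaluationResultQualifier"]
        if q["ConfigRuleName"] not in rules:
            continue  # keep the report scoped to logging checks
        status = r["ComplianceType"]
        summary[r["AccountId"]][status] += 1
        # INSUFFICIENT_DATA means the check has no result yet; list it rather than
        # letting it pass silently as if logging were confirmed.
        if status in ("NON_COMPLIANT", "INSUFFICIENT_DATA"):
            writer.writerow([r["AccountId"], r["AwsRegion"], q["ConfigRuleName"],
                             q["ResourceType"], q["ResourceId"], status])
    return {acct: dict(counts) for acct, counts in summary.items()}, buf.getvalue()

if __name__ == "__main__":
    counts, report = build_report(SAMPLE)
    print(counts)
    print(report)
```
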
Hi Oleksii Bebych, I have one question: in case I want to provision the infrastructure using CloudFormation StackSet or Control Tower, do I need to do something extra apart from setting up the prerequisites? Also, can I get some more info for point 3?
In the Control Tower you will have AWS Config Aggregator (multi-account configuration) by default. You may look at Control Tower Controls (Guardrails) and find rules for logging. I assume they are optional.
Please accept the answer if it was useful for you.