AWS report generation

0

Hi AWS, I have more than 15 accounts for which I need to generate the report in the excel file and these are:

  1. For all accounts the groups and IAM policies that apply to each group.
  2. For all accounts whether the Backup is enabled or not.
  3. For all accounts whether the Logging is enabled or not.

What do you suggest, writing a lambda function is a way to go as I have tried to generate using AWS Config conformance packs and it didn't generate any output for all the three requirements.

Please help

  • please accept the answer if it was useful for you

1 Answer
0
  1. In this post, we demonstrate how to automate and consolidate IAM credential reports for your AWS accounts using a scalable infrastructure as code (IaC) automation created through AWS CloudFormation. With this process, you can generate and download credential reports that list all of your IAM users and the status of their credentials, including passwords, access keys, and multifactor-authentication devices. https://aws.amazon.com/blogs/infrastructure-and-automation/automate-iam-credential-reports-at-scale-across-aws/
  2. You can use Organizational Backup policies and Backup Audit Manager https://aws.amazon.com/blogs/storage/automate-the-delivery-of-aws-backup-audit-manager-report-via-email/
  3. Depends on what types of logs you need. You can use managed Config Rules to check if logging is enabled, store results in S3 and after that parse them and generate the final report via Lambda https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html
profile picture
EXPERT
answered 7 months ago
profile picture
EXPERT
reviewed 7 months ago
  • Hi Oleksii Bebych, I have one question if in case I want to provision the infrastructure using CloudFormation StackSet or Control Tower do I need to do something extra apart from setting up the prerequisites and also if I can get some more info for point 3.

  • in the Control Tower you will have AWS Config Aggregator (multi-account configuration) by default. You may look at Control Tower Controls (Guardrails) and find rules for logging. I assume they are optional.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions