How to configure "tags on creation" for the AWS Config logs written by AWS Control Tower

Hi, I am searching for the best way to configure "tags on creation" for the AWS Config logs written by AWS Control Tower.

Situation:

  • AWS Control Tower is logging all configuration changes. For this, a stack set is applied to all member accounts (AWSControlTowerBP-BASELINE-CONFIG-MASTER).
  • I cannot find a way to define the set of basic tags that should be added to each log on creation (creation = the log gets written to the S3 bucket in the Logging Account).

Request:

  • How can I define such basic tags?
  • Important: These basic tags need to be there during creation of the log file because I want to use an S3 replication rule for Config logs. (From the AWS documentation: "you must assign the specific tag key and value at the time of creating the object for Amazon S3 to replicate the object. If you first create an object and then add the tag to the existing object, Amazon S3 does not replicate the object.")
Andre
asked 7 months ago, 244 views
1 Answer
Just an update on this topic: I did lots of investigation and the request is simply not possible in AWS at this time. What did we do? We disabled the default CloudTrail from AWS Control Tower to have the AWS Config logs separated in the default CT bucket. We then configured our own CloudTrail Organizational Trail.

Andre
answered 6 months ago
