Hello.
I guess it depends on the use case, but in my case I manage metrics separately from the log archive account.
Log archive accounts contain logs that are important from a security and governance perspective, such as "AWS CloudTrail," which retrieves AWS operation history, and "AWS Config," which retrieves change history of AWS resources.
In order to prevent such logs from being viewed by general users, I manage metrics using a different account.
To prevent issues such as logs being deleted when incorrect permissions are granted to a user, we limit the number of users who can access the log archive account as much as possible.
https://docs.aws.amazon.com/controltower/latest/userguide/logging-and-monitoring.html
Thank you for submitting your question, George! We answered this on an episode of AWS re:Post Live. You can click this link and jump to 54:18 in the time code to listen to us discuss - https://www.twitch.tv/videos/2204463289
This link seems to be broken. Is there another source for the recording of the discussion?
Hi~ I have the same question as Mark... is there another link available?
edit: I think I found it: https://www.twitch.tv/aws/video/2252565130