Hello.
I guess it depends on the use case, but in my case I manage metrics separately from the log archive account.
Log archive accounts contain logs that are important from a security and governance perspective, such as "AWS CloudTrail," which retrieves AWS operation history, and "AWS Config," which retrieves change history of AWS resources.
In order to prevent such logs from being viewed by general users, I manage metrics using a different account.
To prevent issues such as logs being deleted when incorrect permissions are granted to a user, we limit the number of users who can access the log archive account as much as possible.
https://docs.aws.amazon.com/controltower/latest/userguide/logging-and-monitoring.html
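One way to enforce the "limit who can touch the log archive" point above in policy rather than only in account membership is a service control policy (SCP) attached to the OU that holds the Log Archive account. The following is an added example, not code from the answer above or from AWS Control Tower's own guardrails; the bucket name `example-log-archive-bucket` and the break-glass role name `ExampleBreakGlassRole` are placeholders to replace with your own.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyDeletionOfArchivedLogs",
      "Effect": "Deny",
      "Action": [
        "s3:DeleteObject",
        "s3:DeleteObjectVersion",
        "s3:DeleteBucket",
        "s3:PutBucketPolicy",
        "s3:PutLifecycleConfiguration"
      ],
      "Resource": [
        "arn:aws:s3:::example-log-archive-bucket",
        "arn:aws:s3:::example-log-archive-bucket/*"
      ],
      "Condition": {
        "ArnNotLike": {
          "aws:PrincipalArn": "arn:aws:iam::*:role/ExampleBreakGlassRole"
        }
      }
    },
    {
      "Sid": "DenyTamperingWithTrailAndConfigRecorder",
      "Effect": "Deny",
      "Action": [
        "cloudtrail:DeleteTrail",
        "cloudtrail:StopLogging",
        "cloudtrail:UpdateTrail",
        "config:DeleteConfigurationRecorder",
        "config:StopConfigurationRecorder",
        "config:DeleteDeliveryChannel"
      ],
      "Resource": "*",
      "Condition": {
        "ArnNotLike": {
          "aws:PrincipalArn": "arn:aws:iam::*:role/ExampleBreakGlassRole"
        }
      }
    }
  ]
}
```

Two caveats worth knowing before relying on this: an SCP never applies to the organization's management account, so an organization trail administered from there still needs its own controls, and the SCP only bounds what principals inside the Log Archive account may do; the bucket policy on the archive bucket (and S3 versioning or Object Lock, if you use them) still has to be locked down separately.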
Thank you for submitting your question, George! We answered this on an episode of AWS re:Post Live. You can click this link and jump to 54:18 in the time code to listen to us discuss - https://www.twitch.tv/videos/2204463289
Does it mean the 'Security Tooling (Audit) account' is the right AWS account for monitoring? If not, and having a separate account for monitoring is recommended, then what goes to the Security Tooling (Audit) account and what goes to the Monitoring account (per security and monitoring services)?
Since asking this question I have started using the Audit account for things like GuardDuty.

This link seems to be broken. Is there another source for the recording of the discussion?
Hi~ I have the same question as Mark... is there another link available?
edit: I think I found it: https://www.twitch.tv/aws/video/2252565130