
Consolidating Cloudtrail events from multiple accounts to one bucket


I'm trying to work this in the given example to write logs from Account B's CloudTrail to Account A's bucket. I can't see the bucket in Account A in Account B's CloudTrail configuration even after adding the additional line in the bucket policy under Action - s3:PutObject:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AWSCloudTrailAclCheck20150319",
      "Effect": "Allow",
      "Principal": { "Service": "cloudtrail.amazonaws.com" },
      "Action": "s3:GetBucketAcl",
      "Resource": "arn:aws:s3:::aws-cloudtrail-logs-481557513980-612e9c3a",
      "Condition": {
        "StringEquals": {
          "AWS:SourceArn": "arn:aws:cloudtrail:ap-southeast-1:481557513980:trail/management-events-joel.ckx_dev"
        }
      }
    },
    {
      "Sid": "AWSCloudTrailWrite20150319",
      "Effect": "Allow",
      "Principal": { "Service": "cloudtrail.amazonaws.com" },
      "Action": "s3:PutObject",
      "Resource": [
        "arn:aws:s3:::aws-cloudtrail-logs-481557513980-612e9c3a/AWSLogs/481557513980/*",
        "arn:aws:s3:::aws-cloudtrail-logs-481557513980-612e9c3a/AWSLogs/066239933787/*"
      ],
      "Condition": {
        "StringEquals": {
          "AWS:SourceArn": "arn:aws:cloudtrail:ap-southeast-1:481557513980:trail/management-events-joel.ckx_dev",
          "s3:x-amz-acl": "bucket-owner-full-control"
        }
      }
    }
  ]
}
```

  • BTW formatting your code with markdown would make it much more readable.

1 Answer

If possible, you should consider using AWS Control Tower, which will set up and maintain the Log Archive account with consolidated CloudTrail logs for you -> https://docs.aws.amazon.com/controltower/latest/userguide/how-control-tower-works.html#what-shared

If that's not possible, I suggest following the documentation Receiving CloudTrail log files from multiple accounts.

Cheers

answered 4 months ago
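The bucket policy in the question grants PutObject on Account B's prefix, but its `aws:SourceArn` condition names only Account A's trail, so a delivery from Account B's trail is denied. The script below is an added example for this thread (not code from the question or the answer): it builds a cross-account CloudTrail bucket policy along the lines of the "Receiving CloudTrail log files from multiple accounts" documentation, and runs a deliberately simplified policy check that explains which statement rejects a given account's trail. The bucket name and account IDs are the ones from the question; Account B's trail name is assumed, and the evaluator covers only Allow statements for the CloudTrail service principal (no Deny, no other condition keys).

```python
"""Build a cross-account CloudTrail bucket policy and check which trails it lets write.

Added example, not code from the re:Post thread. Bucket and account IDs come from
the question; TRAIL_B's name is assumed. The evaluator is simplified: Allow
statements for cloudtrail.amazonaws.com only, no Deny, no other condition keys.
"""
import fnmatch
import json

BUCKET = "aws-cloudtrail-logs-481557513980-612e9c3a"
ACCOUNT_A = "481557513980"  # bucket owner
ACCOUNT_B = "066239933787"  # account whose trail should also deliver here
TRAIL_A = f"arn:aws:cloudtrail:ap-southeast-1:{ACCOUNT_A}:trail/management-events-joel.ckx_dev"
TRAIL_B = f"arn:aws:cloudtrail:ap-southeast-1:{ACCOUNT_B}:trail/management-events"  # assumed name

# The question's policy (object resources carry the /* wildcard the CloudTrail
# console generates). Only Account A's trail appears in aws:SourceArn.
POSTED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AWSCloudTrailAclCheck20150319", "Effect": "Allow",
         "Principal": {"Service": "cloudtrail.amazonaws.com"},
         "Action": "s3:GetBucketAcl", "Resource": f"arn:aws:s3:::{BUCKET}",
         "Condition": {"StringEquals": {"AWS:SourceArn": TRAIL_A}}},
        {"Sid": "AWSCloudTrailWrite20150319", "Effect": "Allow",
         "Principal": {"Service": "cloudtrail.amazonaws.com"},
         "Action": "s3:PutObject",
         "Resource": [f"arn:aws:s3:::{BUCKET}/AWSLogs/{ACCOUNT_A}/*",
                      f"arn:aws:s3:::{BUCKET}/AWSLogs/{ACCOUNT_B}/*"],
         "Condition": {"StringEquals": {"AWS:SourceArn": TRAIL_A,
                                        "s3:x-amz-acl": "bucket-owner-full-control"}}},
    ],
}


def cloudtrail_bucket_policy(bucket, trails):
    """Policy letting each trail in `trails` ({account_id: trail_arn}) deliver
    logs only under its own AWSLogs/<account_id>/ prefix.

    aws:SourceArn lists every sending trail (a list of values is OR-ed), and
    bucket-owner-full-control keeps the owner in control of objects other
    accounts' trails write."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    trail_arns = sorted(trails.values())
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "AWSCloudTrailAclCheck", "Effect": "Allow",
             "Principal": {"Service": "cloudtrail.amazonaws.com"},
             "Action": "s3:GetBucketAcl", "Resource": bucket_arn,
             "Condition": {"StringEquals": {"aws:SourceArn": trail_arns}}},
            {"Sid": "AWSCloudTrailWrite", "Effect": "Allow",
             "Principal": {"Service": "cloudtrail.amazonaws.com"},
             "Action": "s3:PutObject",
             "Resource": [f"{bucket_arn}/AWSLogs/{acct}/*" for acct in sorted(trails)],
             "Condition": {"StringEquals": {"aws:SourceArn": trail_arns,
                                            "s3:x-amz-acl": "bucket-owner-full-control"}}},
        ],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def why_denied(policy, bucket, account_id, trail_arn):
    """Return [] if some Allow statement lets cloudtrail.amazonaws.com, acting for
    trail_arn, PutObject a log file under AWSLogs/<account_id>/; otherwise one
    reason per statement saying why that statement did not match."""
    # An object key of the shape CloudTrail actually writes.
    object_arn = (f"arn:aws:s3:::{bucket}/AWSLogs/{account_id}"
                  "/CloudTrail/ap-southeast-1/2024/01/01/sample.json.gz")
    reasons = []
    for stmt in policy["Statement"]:
        sid = stmt.get("Sid", "<no Sid>")
        principal = stmt.get("Principal", {}).get("Service")
        if stmt.get("Effect") != "Allow" or principal != "cloudtrail.amazonaws.com":
            reasons.append(f"{sid}: not an Allow for cloudtrail.amazonaws.com")
            continue
        if "s3:PutObject" not in _as_list(stmt.get("Action", [])):
            reasons.append(f"{sid}: does not grant s3:PutObject")
            continue
        # IAM resource ARNs match with '*' and '?' wildcards, case-sensitively.
        if not any(fnmatch.fnmatchcase(object_arn, r) for r in _as_list(stmt.get("Resource", []))):
            reasons.append(f"{sid}: no Resource covers AWSLogs/{account_id}/...")
            continue
        # Condition keys are case-insensitive, so AWS:SourceArn == aws:SourceArn.
        equals = {k.lower(): _as_list(v)
                  for k, v in stmt.get("Condition", {}).get("StringEquals", {}).items()}
        if "aws:sourcearn" in equals and trail_arn not in equals["aws:sourcearn"]:
            reasons.append(f"{sid}: aws:SourceArn does not include {trail_arn}")
            continue
        return []
    return reasons


if __name__ == "__main__":
    print("posted policy, Account B:", why_denied(POSTED_POLICY, BUCKET, ACCOUNT_B, TRAIL_B))
    fixed = cloudtrail_bucket_policy(BUCKET, {ACCOUNT_A: TRAIL_A, ACCOUNT_B: TRAIL_B})
    print("fixed policy, Account B:", why_denied(fixed, BUCKET, ACCOUNT_B, TRAIL_B))
    print(json.dumps(fixed, indent=2))
```

Two practical notes. First, keeping a per-account `AWSLogs/<account_id>/*` resource rather than a single `/*` matters for log integrity: a trail in any other account is then unable to drop objects into the archive, which the check for an unlisted account ID demonstrates. Second, on the Account B side the console's bucket picker only lists buckets in the current account, so the Account A bucket has to be entered by name under "Use existing S3 bucket" when creating or editing the trail; a bucket not appearing in that list is not by itself a sign that the policy is wrong.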
