By using AWS re:Post, you agree to the Terms of Use

Consolidating Cloudtrail events from multiple accounts to one bucket


I'm trying to work this in the given example to write logs from Account B's Cloudtrail to Account A's bucket. I can't see the bucket in Account A in Account B's cloudtrail configuration event after adding the additional line in bucket policy under Action - s3:PutObject. : { "Version": "2012-10-17", "Statement": [ { "Sid": "AWSCloudTrailAclCheck20150319", "Effect": "Allow", "Principal": { "Service": "" }, "Action": "s3:GetBucketAcl", "Resource": "arn:aws:s3:::aws-cloudtrail-logs-481557513980-612e9c3a", "Condition": { "StringEquals": { "AWS:SourceArn": "arn:aws:cloudtrail:ap-southeast-1:481557513980:trail/management-events-joel.ckx_dev" } } }, { "Sid": "AWSCloudTrailWrite20150319", "Effect": "Allow", "Principal": { "Service": "" }, "Action": "s3:PutObject", "Resource": [ "arn:aws:s3:::aws-cloudtrail-logs-481557513980-612e9c3a/AWSLogs/481557513980/", "arn:aws:s3:::aws-cloudtrail-logs-481557513980-612e9c3a/AWSLogs/066239933787/" ], "Condition": { "StringEquals": { "AWS:SourceArn": "arn:aws:cloudtrail:ap-southeast-1:481557513980:trail/management-events-joel.ckx_dev", "s3:x-amz-acl": "bucket-owner-full-control" } } } ] }

  • BTW formatting your code with markdown would make it much more readable.

1 Answer

If possible, you should consider using AWS Control Tower which will set up and maintain the Log Archive account with consolidated CloudTrail logs for you ->

If that's not possible, I suggest following the documentation Receiving CloudTrail log files from multiple accounts.


answered 4 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions