- A company uses multiple AWS accounts in a single AWS Region.
- A solutions architect is designing a solution to consolidate logs generated by Elastic Load Balancers (ELBs) in the AppDev, AppTest and AppProd accounts.
- The logs should be stored in an existing Amazon S3 bucket named s3-eib-logs in the central AWS account.
- The central account is used for log consolidation only and does not have ELBs deployed.
Solution:
Update the S3 bucket policy for the s3-elb-logs bucket to allow the s3 PutBucketLogging action for the central AWS account ID
My Doubt:
Here, s3 PutBucketLogging
will only allow central AWS account to enable or modify the bucket logging configuration for the "s3-eib-logs" bucket. How the s3 PutBucketLogging
will allow to store consolidated logs from ELBs into the "s3-eib-logs" bucket?