- 最新
- 投票最多
- 评论最多
CloudTrail now supports Delegated admin capability. You may create an organization level Lake now from the designated Delegated admin account. https://aws.amazon.com/about-aws/whats-new/2022/11/aws-cloudtrail-delegated-account-support-aws-organizations/
Correct, it must be created from the management account as it's for centralized management collecting events from all of the AWS Account in an AWS Org setup. In terms of support for this feature, there'e an open feature enhancement requesting this for future releases.
hey @gokultn trying to create an Org Lake in a delegated admin account but still get messaging saying I must be signed in from management account when I hit create button after selecting include all org events. Is any particular IAM permission also needed?
actually I think its a bug, you cannot change an existing event data store to capture events from all accounts after becoming a delegated admin (even tho console gives you the option to). you can create a new event data store that does capture from all accounts though.
