Hello,
It is indeed possible to create an advanced event selector for your Organization-wide CloudTrail to exclude logging of data events for a specific S3 bucket that is located in a member AWS account.
In order to achieve this, you would generally follow the same steps as outlined here[1] via the CloudTrail management console. However, if you use the "resources.ARN" field selector, you would need to specify the S3 bucket ARN and include the trailing slash instead of selecting the "Browse" button, as selecting the "Browse" button only lists the S3 buckets that are located in the Organization Management Account, which is similar to viewing S3 buckets via the S3 management console when you are logged into the Organization Management Account.
For example, you would use the following S3 ARN format, together with the "notStartsWith" operator, in order to exclude the logging of data events (object-level activities), for a specific S3 bucket located in the member AWS Account:
- arn:aws:s3:::<bucket_name>/
The reason for the above is that if you enable data events for S3, then you are essentially logging data events for the resource type "AWS::S3::Object" and the ARN format for this resource type would commonly be the following[2]:
- arn:aws:s3:::<bucket_name>/
- arn:aws:s3:::<bucket_name>/<object_prefix>/
If you try to specify the ARN of the S3 bucket without the trailing slash in the advanced event selector for S3 data events, then you are essentially specifying the ARN for the resource type "AWS::S3::Bucket" and not for the "AWS::S3::Object" resource type. This would explain the error "S3 ARN is not valid" that was returned, as the expected ARN format would be the ARN format for the resource type "AWS::S3::Object".
[1] Logging data events - Logging data events with the AWS Management Console - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html#logging-data-events-console
[2] AdvancedFieldSelector - Contents (see sub-header "resources.ARN") - https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_AdvancedFieldSelector.html#API_AdvancedFieldSelector_Contents
I sincerely hope the above helps.
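The selector described in the answer above, as an added example that is not part of the original answer: it builds the advanced event selector in the shape the CloudTrail API expects (eventCategory = Data, resources.type = AWS::S3::Object, resources.ARN NotStartsWith the bucket's object ARN), fails early on a bucket ARN that lacks the trailing slash, and simulates the NotStartsWith match to show why the slash also keeps a similarly named bucket from being excluded. Bucket names, the selector name and the trail name are constructed placeholders.

```python
import json
import re

# AWS::S3::Object ARN: bucket ARN, a trailing slash, optionally "<prefix>/".
OBJECT_ARN_RE = re.compile(r"^arn:aws:s3:::[a-z0-9.-]{3,63}/(?:[^/]+/)*$")

def s3_object_arn(bucket: str, prefix: str = "") -> str:
    """AWS::S3::Object ARN form for a bucket and optional key prefix."""
    arn = f"arn:aws:s3:::{bucket}/"
    return arn + prefix.strip("/") + "/" if prefix else arn

def validate_object_arn(arn: str) -> None:
    """A bucket ARN without the trailing slash is an AWS::S3::Bucket ARN;
    CloudTrail rejects it here with 'S3 ARN is not valid', so fail early."""
    if arn.startswith("arn:aws:s3:::") and not arn.endswith("/"):
        raise ValueError(f"{arn!r} is a bucket ARN; add a trailing slash")
    if not OBJECT_ARN_RE.match(arn):
        raise ValueError(f"{arn!r} is not a valid AWS::S3::Object ARN")

def build_selector(name: str, excluded_arns: list[str]) -> dict:
    """Selector logging all S3 object-level data events except those whose
    resource ARN starts with any excluded ARN (the event must match none)."""
    for arn in excluded_arns:
        validate_object_arn(arn)
    return {
        "Name": name,
        "FieldSelectors": [
            {"Field": "eventCategory", "Equals": ["Data"]},
            {"Field": "resources.type", "Equals": ["AWS::S3::Object"]},
            {"Field": "resources.ARN", "NotStartsWith": list(excluded_arns)},
        ],
    }

def would_be_logged(selector: dict, resource_arn: str) -> bool:
    """Evaluate only the resources.ARN NotStartsWith condition for an event."""
    for fs in selector["FieldSelectors"]:
        if fs["Field"] == "resources.ARN" and "NotStartsWith" in fs:
            if any(resource_arn.startswith(p) for p in fs["NotStartsWith"]):
                return False
    return True

def to_cli_json(selectors: list[dict]) -> str:
    """Payload for: aws cloudtrail put-event-selectors --trail-name <trail>
    --advanced-event-selectors file://selectors.json"""
    return json.dumps(selectors, indent=2)
```

Because NotStartsWith is a prefix match, `arn:aws:s3:::example-noisy-bucket/` excludes only that bucket's objects, while objects in `example-noisy-bucket-2` are still logged.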