

Setting the CloudTrail S3 Bucket

CloudTrail trails from every account you wish to monitor must deposit their events into the newly created CloudTrail S3 bucket specified in the -ct_s3_bucket parameter above. You may use any name in the parameter (e.g.

run_cloudformation.sh -profile= -stack_name= -cf_region= -cf_s3_bucket= -ct_s3_bucket=

For instructions on how to set up an AWS command line profile, see the AWS documentation.

Note this role can be created in section AWS Organizations Master Account #2.

Pass the role arn arn:aws:iam:::role/OrgListAccountsViewer to the -org_role parameter of the run_cloudformation.sh script.

(Optional) If your aggregator account will not be your AWS Organizations master account:

The CloudFormation stack will handle bucket creation.

Pass it to the -ct_s3_bucket parameter of the run_cloudformation.sh script.

Ensure a bucket with the same name does not already exist, or the CloudFormation stack will fail to create.

The CloudFormation stack must be created in the same region as the aforementioned S3 bucket.

Choose a free name for your CloudTrail S3 bucket.

Pass the bucket name to the -cf_s3_bucket parameter of the run_cloudformation.sh script.

Prerequisite Steps

Create an S3 bucket in your central aggregator account to hold the CloudFormation stack template.

The aggregator can be configured in two ways:

Aggregator account is AWS Organizations master account
Aggregator account is NOT AWS Organizations master account

Ensure you have permissions for creating requisite AWS resources including IAM roles and policies.

This service uses a Hub (central aggregator account) and Spoke (member accounts) model.
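A pre-flight check for the two bucket requirements in the prerequisite steps (template bucket in the stack's region, CloudTrail bucket name still unused), as an added example that is not part of this project's scripts. The function names are hypothetical; it assumes the AWS CLI is on PATH with credentials for the aggregator account, and it treats the CLI's "(404)" HeadBucket error as "name is free" and anything else as "do not proceed".

```shell
#!/bin/sh
# Added example, not from the project: run before run_cloudformation.sh.

# Print the region of an existing bucket. S3 reports us-east-1 as a null
# LocationConstraint ("None" in text output); "EU" is a legacy alias of eu-west-1.
bucket_region() {
    loc=$(aws s3api get-bucket-location --bucket "$1" \
            --query LocationConstraint --output text) || return 1
    case "$loc" in
        None) echo "us-east-1" ;;
        EU)   echo "eu-west-1" ;;
        *)    echo "$loc" ;;
    esac
}

# Succeed only if no bucket with this name exists in ANY account
# (S3 bucket names are global). head-bucket success means you own it;
# a 403 means another account owns it; only a 404 means the name is free.
bucket_name_is_free() {
    err=$(aws s3api head-bucket --bucket "$1" 2>&1 >/dev/null) && return 1
    case "$err" in
        *"(404)"*) return 0 ;;
        *)         return 1 ;;  # 403 or any other error: treat as not free
    esac
}

# preflight <cf_s3_bucket> <cf_region> <ct_s3_bucket>
# Return codes: 0 ok, 2 template bucket unreadable, 3 region mismatch,
# 4 CloudTrail bucket name already taken.
preflight() {
    cf_bucket=$1 cf_region=$2 ct_bucket=$3
    actual=$(bucket_region "$cf_bucket") || {
        echo "cannot read location of $cf_bucket" >&2; return 2; }
    if [ "$actual" != "$cf_region" ]; then
        echo "$cf_bucket is in $actual, stack region is $cf_region" >&2
        return 3
    fi
    if ! bucket_name_is_free "$ct_bucket"; then
        echo "bucket name $ct_bucket is already in use" >&2
        return 4
    fi
    echo "ok"
}
```

Call `preflight` with the same values you intend to pass to -cf_s3_bucket, -cf_region and -ct_s3_bucket.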

AWS Support Cases Aggregator Architecture

This allows users to easily discover and monitor all Support Cases within an organization.

This is a simple CloudFormation-based serverless pipeline for collecting support case information from all users across an AWS Organization into a single database.

AWS Support Cases aggregation for a multi-account organization
