Have CloudTrail deliver log files from multiple AWS accounts into a single S3 bucket

  • You can have CloudTrail deliver log files from multiple AWS accounts into a single S3 bucket.

  • For example, you have four AWS accounts with account IDs 111111111111, 222222222222, 333333333333, and 444444444444, and you want to configure CloudTrail to deliver log files from all four of these accounts to a bucket belonging to account 111111111111:

    1. Turn on CloudTrail in the account where the destination bucket will belong (111111111111 in this example).

    2. Update the bucket policy on your destination bucket to grant cross-account permissions to CloudTrail.

    3. Turn on CloudTrail in the other accounts you want (222222222222, 333333333333, and 444444444444 in this example).

    4. Configure CloudTrail in these accounts to use the same bucket belonging to the account that you specified in step 1 (111111111111 in this example).
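The four steps above hinge on step 2: the bucket policy must name every source account's AWSLogs path (under the same prefix the trails use) or delivery from that account is denied. The following Python is an added example, not code from the page or from AWS: it builds the cross-account bucket policy for a given bucket and list of account IDs, mirroring the two statements AWS documents for a CloudTrail bucket (an `s3:GetBucketAcl` check and a conditioned `s3:PutObject` per account), and it checks an existing policy for accounts whose log path is not covered. The bucket name `org-cloudtrail-logs`, the `cloudtrail` prefix and the trail ARNs are placeholders; the optional `aws:SourceArn` restriction to named trails is a tightening beyond the page's steps.

```python
"""Build and sanity-check the S3 bucket policy for cross-account CloudTrail delivery.

Constructed example: bucket name, prefix, account IDs and trail ARNs are placeholders.
"""
import json
from fnmatch import fnmatchcase

CLOUDTRAIL_PRINCIPAL = "cloudtrail.amazonaws.com"
OWNER_ACL = "bucket-owner-full-control"


def _prefix_part(prefix):
    # The log file prefix is optional; when set, CloudTrail writes under <bucket>/<prefix>/AWSLogs/...
    return f"{prefix.strip('/')}/" if prefix else ""


def log_path_arn(bucket, account_id, prefix=None):
    # The per-account path CloudTrail must be allowed to write to.
    return f"arn:aws:s3:::{bucket}/{_prefix_part(prefix)}AWSLogs/{account_id}/*"


def build_bucket_policy(bucket, account_ids, prefix=None, trail_arns=None):
    """Return the bucket policy (as a dict) that grants CloudTrail cross-account delivery.

    The two statements mirror the ones AWS documents for a CloudTrail bucket: an ACL check on
    the bucket itself, and PutObject on each source account's AWSLogs/<account-id>/ path,
    limited to writes that grant the bucket owner full control of the delivered objects.
    """
    acl_check = {
        "Sid": "AWSCloudTrailAclCheck",
        "Effect": "Allow",
        "Principal": {"Service": CLOUDTRAIL_PRINCIPAL},
        "Action": "s3:GetBucketAcl",
        "Resource": f"arn:aws:s3:::{bucket}",
    }
    write = {
        "Sid": "AWSCloudTrailWrite",
        "Effect": "Allow",
        "Principal": {"Service": CLOUDTRAIL_PRINCIPAL},
        "Action": "s3:PutObject",
        "Resource": [log_path_arn(bucket, a, prefix) for a in sorted(set(account_ids))],
        "Condition": {"StringEquals": {"s3:x-amz-acl": OWNER_ACL}},
    }
    if trail_arns:
        # Optional tightening (not one of the page's steps): only the named trails may use
        # this bucket, instead of any trail someone creates in the listed accounts.
        # aws:SourceArn is the condition key AWS documents for this; ARNs are placeholders.
        source = {"aws:SourceArn": sorted(trail_arns)}
        acl_check["Condition"] = {"StringEquals": dict(source)}
        write["Condition"]["StringEquals"].update(source)
    return {"Version": "2012-10-17", "Statement": [acl_check, write]}


def sample_object_arn(bucket, account_id, prefix=None):
    # A representative object CloudTrail would deliver (region and date are made up).
    return (f"arn:aws:s3:::{bucket}/{_prefix_part(prefix)}AWSLogs/{account_id}/CloudTrail/"
            f"us-east-1/2024/01/01/{account_id}_CloudTrail_us-east-1_20240101T0000Z_x.json.gz")


def missing_accounts(policy, bucket, account_ids, prefix=None):
    """Return the account IDs whose log path the policy does not let CloudTrail write to.

    This is the failure to look for when a newly onboarded account shows no log files: the
    trail is on, but the bucket policy was never extended (or uses a different prefix), so
    the PutObject is denied and nothing lands in the bucket.
    """
    patterns = []
    for stmt in policy.get("Statement", []):
        principal = stmt.get("Principal", {})
        services = principal.get("Service", []) if isinstance(principal, dict) else []
        services = [services] if isinstance(services, str) else services
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Effect") != "Allow" or CLOUDTRAIL_PRINCIPAL not in services:
            continue
        if "s3:PutObject" not in actions and "s3:*" not in actions:
            continue
        resources = stmt.get("Resource", [])
        patterns.extend([resources] if isinstance(resources, str) else resources)
    # IAM resource ARNs may contain * and ? wildcards; fnmatch has the same semantics here.
    return [
        a for a in account_ids
        if not any(fnmatchcase(sample_object_arn(bucket, a, prefix), p) for p in patterns)
    ]


if __name__ == "__main__":
    accounts = ["111111111111", "222222222222", "333333333333", "444444444444"]
    policy = build_bucket_policy("org-cloudtrail-logs", accounts, prefix="cloudtrail")
    print(json.dumps(policy, indent=2))  # apply with: aws s3api put-bucket-policy --policy file://...
    # A fifth account added to a trail but not to the policy is reported as missing.
    print(missing_accounts(policy, "org-cloudtrail-logs", accounts + ["555555555555"], "cloudtrail"))
```

Save the printed JSON and apply it in the bucket-owning account with `aws s3api put-bucket-policy --bucket org-cloudtrail-logs --policy file://policy.json`; then, in each source account, create the trail against that bucket with the same prefix (`aws cloudtrail create-trail --name <trail> --s3-bucket-name org-cloudtrail-logs --s3-key-prefix cloudtrail`, followed by `aws cloudtrail start-logging --name <trail>`). To reuse the checker against a live policy, pass `json.loads()` of the `Policy` string that `aws s3api get-bucket-policy` returns. A trail whose prefix differs from the one in the policy shows up as missing, which is the mismatch the prefix note below warns about.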

  • The log file prefix is optional and does not need to match the S3 bucket name. It must, however, be the same prefix that the bucket policy grants CloudTrail write access under: if a trail uses a different prefix, the PutObject falls outside the allowed resource paths and delivery is denied.

  • Confirm in the CloudTrail console that every trail is logging and that each one points at the exact destination bucket name. Also check the trail status for delivery errors: if the bucket policy is later changed so that it no longer covers an account, that account's trail stays enabled but its deliveries fail, and the failure is visible only as a delivery error on the trail status.
