停止在 aws 组织跟踪中记录特定帐户
[英]Stop logging specific accounts in aws organizational trail
问题描述
I have a CloudTrail trail for all accounts on my organization and want to stop logging for some of them.
我对我的组织中的所有帐户都有一个 CloudTrail 跟踪,并希望停止其中一些帐户的日志记录。 Is there any way to stop logging specific accounts not for all ?有没有办法停止记录特定帐户而不是所有人?
1 个解决方案
解决方案1
0 2022-05-16 12:51:46
Assuming from your question it seems like you're using centralized logging for CloudTrail.从您的问题假设,您似乎正在为 CloudTrail 使用集中式日志记录。
If this is the case then login into member accounts where you want to stop logging and delete the respective trail.如果是这种情况,请登录到您想要停止记录的成员帐户并删除相应的跟踪。 If the trail was enabled by cloudformation then delete the CF stack.如果跟踪由 cloudformation 启用,则删除 CF 堆栈。
After that Go to your centralized logging account --> S3 bucket where your member account trails are logged --> Edit bucket policy --> In the resource section remove the arn of the account where you deleted the trail.之后,转到您的集中式日志记录帐户-->记录您的成员帐户跟踪的 S3 存储桶-->编辑存储桶策略-->在资源部分中删除您删除跟踪的帐户的 arn。
If you're not using centralized logging then login into respective accounts nd delete the trails.如果您不使用集中式日志记录,则登录到相应的帐户并删除跟踪。 Empty the S3 bucket and delete the bucket if you don't need logs如果您不需要日志,请清空 S3 存储桶并删除存储桶
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.