by spaghetti-guy 2536 days ago
Had a similar issue with CloudTrail logs. These are delivered to your S3 bucket but the objects are owned by AWS's 'CloudTrail account'. This means you can't drop the logs into your security account and then query them with Athena from another account. Took ages to figure that out.

I'm doing/fixing the same thing with the Cost Usage Reports.

It feels like a common pattern to consolidate your logs into a single account for analysis; I wish they made it more straightforward to set up.

We haven't really dug into analyzing those outside of Cost Explorer yet, but that makes sense.

One workaround I've heard of is S3 replication. I've not tried it yet but apparently the replica has the 'correct' ownership.

Isn’t that one part of what Control Tower does now?
Yep. Control Tower creates centralized logging, SCP rules and more. What used to take a dev a couple weeks to set up can now be done with a few clicks.