Sometimes it is necessary to do AWS S3 cross-account bucket replication. For example, you have two AWS accounts: one is your "production" account and the other is your "audit" account. In your production account you have an S3 bucket called "access-logs" which stores all your important access logs, and you want to copy these log files over to the "audit-access-logs" bucket in the "audit" account, and also set up a trigger (whenever there are changes in access-logs, the same change can be mirrored in the audit-access-logs bucket). That's where the AWS Lambda function comes in.

1. Create the source bucket "access-logs" in the "production" account.
2. Create the destination bucket "audit-access-logs" in the "audit" account.
3. Create two IAM users, "source_client" (in the production account) and "dest_client" (in the audit account). "source_client" will be used to read access logs in the "access-logs" bucket, and "dest_client" can be used for uploading logs to "audit-access-logs". Make sure "source_client" has read-only access to "access-logs" and "dest_client" has write-only access to "audit-access-logs". You can control access permissions by creating a bucket policy and an IAM policy.
4. Create an "access-id" bucket in "production". In this bucket, you will create four files: "source_client_id", "source_client_key", "dest_client_id", "dest_client_key".
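The read-only and write-only requirement for "source_client" and "dest_client" can be written down as two IAM policy documents and linted before they are attached. The following is an added example, not code from the original post: the policy layout, the helper names and the probe object key are assumptions, and the evaluator is a simplified check that ignores conditions, not the real IAM engine.

```python
import fnmatch
import json

# Bucket names come from the post; the policy layout below is an assumption.
SOURCE_BUCKET = "access-logs"
DEST_BUCKET = "audit-access-logs"

def source_client_policy():
    """IAM policy for source_client: list and read access-logs, nothing else."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "s3:ListBucket",
         "Resource": f"arn:aws:s3:::{SOURCE_BUCKET}"},
        {"Effect": "Allow", "Action": "s3:GetObject",
         "Resource": f"arn:aws:s3:::{SOURCE_BUCKET}/*"},
    ]}

def dest_client_policy():
    """IAM policy for dest_client: upload to audit-access-logs, no read or delete."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "s3:PutObject",
         "Resource": f"arn:aws:s3:::{DEST_BUCKET}/*"},
    ]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def is_allowed(policy, action, resource):
    """Simplified evaluation: explicit Deny wins, otherwise an Allow must match.
    Ignores Condition, NotAction and NotResource; a lint, not the IAM engine."""
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        hit = (any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in _as_list(stmt["Action"]))
               and any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])))
        if hit and stmt["Effect"] == "Deny":
            return False
        allowed = allowed or (hit and stmt["Effect"] == "Allow")
    return allowed

def excess_grants(policy, wanted, bucket):
    """Return probed S3 actions the policy allows on the bucket beyond `wanted`."""
    probes = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:ListBucket",
              "s3:PutBucketPolicy", "s3:PutObjectAcl"]
    arns = [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/logs/2024.log"]  # constructed key
    return sorted({a for a in probes for r in arns
                   if a not in wanted and is_allowed(policy, a, r)})

if __name__ == "__main__":
    print(json.dumps(source_client_policy(), indent=2))
    print(json.dumps(dest_client_policy(), indent=2))
```

An empty list from `excess_grants` means the policy grants none of the probed actions beyond the intended ones; a wildcard policy such as `s3:*` shows up as a list of the extra actions.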