If you operate multiple AWS accounts, you will want some level of central management and control over them. Thankfully, with AWS CloudTrail, you can consolidate the logs from multiple accounts into a single S3 bucket, reducing the administrative effort needed to manage them:
Before you begin, ensure that you have created a trail as shown in the previous demonstration in this chapter, with its target set as the required S3 bucket.
- Log in to your AWS Management Console in the account that owns the S3 bucket.
- Navigate to S3 via the AWS Management Console dashboard and select the S3 bucket that you want to act as the central bucket for other AWS accounts. In this example, I have the cloudtraillogbucketstu bucket.
- Select the Permissions tab.
- Now select Bucket Policy.
- From here, you need to edit the policy to allow your other AWS accounts to access this bucket...
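As an added example (not taken from the book), this is the shape of bucket policy that step requires, assuming the cloudtraillogbucketstu bucket from above and two constructed account IDs, 111111111111 and 222222222222, standing in for the other AWS accounts whose trails will deliver into it:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AWSCloudTrailAclCheck",
      "Effect": "Allow",
      "Principal": { "Service": "cloudtrail.amazonaws.com" },
      "Action": "s3:GetBucketAcl",
      "Resource": "arn:aws:s3:::cloudtraillogbucketstu"
    },
    {
      "Sid": "AWSCloudTrailWrite",
      "Effect": "Allow",
      "Principal": { "Service": "cloudtrail.amazonaws.com" },
      "Action": "s3:PutObject",
      "Resource": [
        "arn:aws:s3:::cloudtraillogbucketstu/AWSLogs/111111111111/*",
        "arn:aws:s3:::cloudtraillogbucketstu/AWSLogs/222222222222/*"
      ],
      "Condition": {
        "StringEquals": { "s3:x-amz-acl": "bucket-owner-full-control" }
      }
    }
  ]
}
```

The principal is the CloudTrail service rather than the other accounts themselves, so each account's trail can only write beneath its own AWSLogs/<account-id>/ prefix, and the s3:x-amz-acl condition ensures the bucket owner keeps full control of every delivered object. AWS's current reference policy additionally scopes both statements with an aws:SourceArn condition listing the permitted trail ARNs, which prevents a trail in any account not on that list from delivering into the bucket.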