Set CloudTrail logging bucket to custom S3 bucket

CloudTrail logs are generally sent to an S3 bucket within the same account. However, policies in Turbot allow organizations to customize the bucket that CloudTrail is sending logs to. The bucket can be within the same account or in a separate account.

  1. Navigate to Turbot and drill down to the account that will be sending CloudTrail logs
  2. Find the policy AWS > CloudTrail > Turbot S3 Bucket Name Template in the policy tab
  3. Create a new exception and input the logging bucket name as the value for the policy
  4. Click create
  5. Click on the controls tab. A control signaling the CloudTrail log change will appear and should clear within ten seconds. 
  6. In the bucket that is receiving logs, the following policies must be set. If they are not listed, it can be left as default:

         Bucket policy

       

         Access control list -> S3 log delivery group

         Public access settings:

Important to note that unless the bucket settings and policy is set correctly, the control in alarm will not clear. Once the bucket settings are correct, the control generally goes into the OK state within 10 seconds.

 

If any questions or issues arise, contact help@turbot.com for support.

 

Was this article helpful?
0 out of 0 found this helpful