Al usar AWS re:Post, aceptas las AWS re:Post Términos de uso
AWS re:Postre:Post

The landing zone accelerator, log everything to centralized logging account by default so what does "enable" parameter does.

0

In the landing zone configuration reference, there is a config parameter called "enable" and the description written as this. "Enable or disable CloudWatch replication" What does that mean. I checked the s3 bucket in central log account and all the buckets are already created and the logs are being stored there. So what does this enable ?

Temas
Seguridad, identidad y cumplimientoInfraestructura como código
Etiquetas
Landing Zone Accelerator en AWS
Idioma
English
Aman Singh
preguntada hace 5 meses225 visualizaciones
1 Respuesta
0

I believe this streams all cloud watch log groups in core and workload accounts to kinesis firehouse and then stores them in the central s3 bucket.

Via a cloud formation stack It deploys a lambda function and cloud watch event to monitor for new log group creation at which point it configures retention, kms and filtering to firehouse.

profile picture
EXPERTO
Gary Mclean
respondido hace 5 meses
  • Aman Singh
    hace 5 meses

    Yeah this is mentioned in document, but it seems LZA does this by default. So what this "enable" config property do on top of it ?

  • Gary Mclean EXPERTO
    hace 5 meses

    I’d have to read all the CF config but I assume if you set it to false it will not setup all or part of the central cloud watch log replication. Ie it will not configure cloud watch log streaming via kineses. I believe it’s true by default.

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas

Contenido relevante