En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation

AWS report generation

0

Hi AWS, I have more than 15 accounts for which I need to generate the report in the excel file and these are:

  1. For all accounts the groups and IAM policies that apply to each group.
  2. For all accounts whether the Backup is enabled or not.
  3. For all accounts whether the Logging is enabled or not.

What do you suggest, writing a lambda function is a way to go as I have tried to generate using AWS Config conformance packs and it didn't generate any output for all the three requirements.

Please help

  • please accept the answer if it was useful for you

1 réponse
0
  1. In this post, we demonstrate how to automate and consolidate IAM credential reports for your AWS accounts using a scalable infrastructure as code (IaC) automation created through AWS CloudFormation. With this process, you can generate and download credential reports that list all of your IAM users and the status of their credentials, including passwords, access keys, and multifactor-authentication devices. https://aws.amazon.com/blogs/infrastructure-and-automation/automate-iam-credential-reports-at-scale-across-aws/
  2. You can use Organizational Backup policies and Backup Audit Manager https://aws.amazon.com/blogs/storage/automate-the-delivery-of-aws-backup-audit-manager-report-via-email/
  3. Depends on what types of logs you need. You can use managed Config Rules to check if logging is enabled, store results in S3 and after that parse them and generate the final report via Lambda https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html
profile picture
EXPERT
répondu il y a 6 mois
profile picture
EXPERT
vérifié il y a 6 mois
  • Hi Oleksii Bebych, I have one question if in case I want to provision the infrastructure using CloudFormation StackSet or Control Tower do I need to do something extra apart from setting up the prerequisites and also if I can get some more info for point 3.

  • in the Control Tower you will have AWS Config Aggregator (multi-account configuration) by default. You may look at Control Tower Controls (Guardrails) and find rules for logging. I assume they are optional.

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions