AWS re:Postを使用することにより、以下に同意したことになります AWS re:Post 利用規約

AWS report generation

0

Hi AWS, I have more than 15 accounts for which I need to generate the report in the excel file and these are:

  1. For all accounts the groups and IAM policies that apply to each group.
  2. For all accounts whether the Backup is enabled or not.
  3. For all accounts whether the Logging is enabled or not.

What do you suggest, writing a lambda function is a way to go as I have tried to generate using AWS Config conformance packs and it didn't generate any output for all the three requirements.

Please help

  • please accept the answer if it was useful for you

1回答
0
  1. In this post, we demonstrate how to automate and consolidate IAM credential reports for your AWS accounts using a scalable infrastructure as code (IaC) automation created through AWS CloudFormation. With this process, you can generate and download credential reports that list all of your IAM users and the status of their credentials, including passwords, access keys, and multifactor-authentication devices. https://aws.amazon.com/blogs/infrastructure-and-automation/automate-iam-credential-reports-at-scale-across-aws/
  2. You can use Organizational Backup policies and Backup Audit Manager https://aws.amazon.com/blogs/storage/automate-the-delivery-of-aws-backup-audit-manager-report-via-email/
  3. Depends on what types of logs you need. You can use managed Config Rules to check if logging is enabled, store results in S3 and after that parse them and generate the final report via Lambda https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html
profile picture
エキスパート
回答済み 6ヶ月前
profile picture
エキスパート
レビュー済み 6ヶ月前
  • Hi Oleksii Bebych, I have one question if in case I want to provision the infrastructure using CloudFormation StackSet or Control Tower do I need to do something extra apart from setting up the prerequisites and also if I can get some more info for point 3.

  • in the Control Tower you will have AWS Config Aggregator (multi-account configuration) by default. You may look at Control Tower Controls (Guardrails) and find rules for logging. I assume they are optional.

ログインしていません。 ログイン 回答を投稿する。

優れた回答とは、質問に明確に答え、建設的なフィードバックを提供し、質問者の専門分野におけるスキルの向上を促すものです。

質問に答えるためのガイドライン

関連するコンテンツ