
AWS report generation


Hi AWS, I have more than 15 accounts for which I need to generate the report in an Excel file, and these are:

  1. For all accounts the groups and IAM policies that apply to each group.
  2. For all accounts whether the Backup is enabled or not.
  3. For all accounts whether the Logging is enabled or not.

What do you suggest? Is writing a Lambda function the way to go? I have tried to generate this using AWS Config conformance packs, and it didn't generate any output for all the three requirements.

Please help

  • Please accept the answer if it was useful for you.

1 Answer
  1. In this post, we demonstrate how to automate and consolidate IAM credential reports for your AWS accounts using a scalable infrastructure as code (IaC) automation created through AWS CloudFormation. With this process, you can generate and download credential reports that list all of your IAM users and the status of their credentials, including passwords, access keys, and multifactor-authentication devices. https://aws.amazon.com/blogs/infrastructure-and-automation/automate-iam-credential-reports-at-scale-across-aws/
  2. You can use Organizational Backup policies and Backup Audit Manager https://aws.amazon.com/blogs/storage/automate-the-delivery-of-aws-backup-audit-manager-report-via-email/
  3. Depends on what types of logs you need. You can use managed Config Rules to check if logging is enabled, store results in S3 and after that parse them and generate the final report via Lambda https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html
Expert, answered 6 months ago
Expert, reviewed 6 months ago
  • Hi Oleksii Bebych, I have one question: in case I want to provision the infrastructure using CloudFormation StackSet or Control Tower, do I need to do something extra apart from setting up the prerequisites? Also, can I get some more info for point 3?

  • In Control Tower you will have AWS Config Aggregator (multi-account configuration) by default. You may look at Control Tower Controls (Guardrails) and find rules for logging. I assume they are optional.
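
Added example, not part of the thread and not AWS's own code: one way to do the parse-and-report step from point 3 against a Config aggregator. It assumes `config` is a boto3 `config` client in the account that hosts the aggregator, that the two managed rules named in `LOGGING_RULES` are the ones deployed (your rule names may differ), and it uses `NO_DATA` as its own label for accounts that returned no evaluations.

```python
import csv
import io

# Managed AWS Config rule names treated as logging checks (assumed selection).
LOGGING_RULES = ["cloudtrail-enabled", "vpc-flow-logs-enabled"]

# Constructed sample, shaped like one AggregateEvaluationResults entry.
SAMPLE = [{"AccountId": "111111111111", "ComplianceType": "NON_COMPLIANT",
           "EvaluationResultIdentifier": {"EvaluationResultQualifier": {
               "ConfigRuleName": "cloudtrail-enabled"}}}]


def fetch_results(config, aggregator, rule, account_id, region):
    """Yield every aggregated evaluation result for one rule in one account and region."""
    kwargs = dict(ConfigurationAggregatorName=aggregator, ConfigRuleName=rule,
                  AccountId=account_id, AwsRegion=region)
    while True:
        page = config.get_aggregate_compliance_details_by_config_rule(**kwargs)
        yield from page.get("AggregateEvaluationResults", [])
        if not page.get("NextToken"):
            return
        kwargs["NextToken"] = page["NextToken"]


def summarize(results, accounts, rules):
    """One row per (account, rule); regions are merged and NON_COMPLIANT wins."""
    status = {}
    for r in results:
        qualifier = r["EvaluationResultIdentifier"]["EvaluationResultQualifier"]
        key = (r["AccountId"], qualifier["ConfigRuleName"])
        if r["ComplianceType"] == "NON_COMPLIANT" or key not in status:
            status[key] = r["ComplianceType"]
    # An account with no evaluations is reported as NO_DATA, never as compliant.
    return [{"AccountId": a, "Rule": rule, "Status": status.get((a, rule), "NO_DATA")}
            for a in accounts for rule in rules]


def to_csv(rows):
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=["AccountId", "Rule", "Status"])
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()  # CSV text, which Excel opens directly


def build_report(config, aggregator, accounts, regions, rules=LOGGING_RULES):
    results = [r for a in accounts for region in regions for rule in rules
               for r in fetch_results(config, aggregator, rule, a, region)]
    return to_csv(summarize(results, accounts, rules))
```

Passing the full list of account IDs explicitly is what makes a missing rule or an unaggregated account show up as a `NO_DATA` row instead of disappearing from the report.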
