- Newest
- Most votes
- Most comments
The recommendation would be to have API Gateway in account A, Kinesis Firehose in account A, and S3 target bucket + analytics in account B, you could find the example on how to achieve this here. The account A would also be charged by the usage of Kinesis Firehose. You could use tag-based cost allocation to know that cost in particular if you want to internally allocate that cost (although from my experience Firehose's cost shouldn't be too much to go through this hassle)
Thanks for the recommendation, we'll do that. Can you confirm it's not possible to send API Gateway's Access Logs to Firehose in a different account?
API Gateway doesn't allow direct cross-account pass role. At the moment they can only be sent to the same account (not cross-account). To have a centralized logging in a common account is to follow this pattern https://aws.amazon.com/solutions/implementations/centralized-logging/
Relevant content
- asked 23 days ago
- Accepted Answerasked a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago