Where are global service logs created?

0

I have a cloudtrail trail that is global and collecting events across my organisation's accounts.

I don't use US-East-1, but I've noticed that there are events in US-East-1. The only information I can find on why that might be occurring is that that region contains the control planes for several AWS services I use: IAM & Route53. It's not clear in the docs I've seen, but I'm assuming that these events are occurring because while I might be accessing the data plane in my region, creating events in that region, events are created in the control plane region.

Is that correct or is there more to it?

2 Answers
1

You are correct that some AWS services have control planes located in specific regions, and the global service logs for those services are created in the region where the control plane is located.

For example, IAM has a control plane located in the US East (N. Virginia) region, and the global service logs for IAM are created in that region. Similarly, Route 53 has a control plane located in the US East (N. Virginia) region, and the global service logs for Route 53 are also created in that region.

When you use a service like CloudTrail to collect events across your organization's accounts, the global service logs for services with control planes in US East (N. Virginia) will be created in that region, even if the data plane events are created in other regions.

It's worth noting that not all AWS services have control planes located in US East (N. Virginia), so the global service logs for those services may be created in different regions. Additionally, some services may have multiple control planes located in different regions, so the global service logs for those services may be created in multiple regions.

hash
answered a year ago
  • Is this documented somewhere? It would be really useful for me to have a clearly documented source?

0

There really isn't much more to it. Global services like IAM & Route53, due to their nature, do not have independent control and/or data planes in every region [1], so the CloudTrail events for those services will reflect that.

[1] https://docs.amazonaws.cn/en_us/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html

AWS
answered a year ago
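To see what both answers describe in the logs themselves, here is an added example (not code from either answer and not an AWS tool): it parses a handful of constructed CloudTrail records in the shape of a CloudTrail log file and separates the us-east-1 records that come from global services (the expected ones) from any other activity stamped with a region the organisation does not use. The set of global service sources, the account ID, the timestamps and the `used_regions` value are all assumptions for the example.

```python
"""Added example: split CloudTrail records by the awsRegion CloudTrail stamps
on them, so that expected global-service records in us-east-1 can be told
apart from activity in a region the organisation does not use."""
import json
from collections import Counter, defaultdict

# Assumed list of global services whose records carry awsRegion "us-east-1"
# regardless of where the caller sits: IAM, Route 53, CloudFront, and STS
# when the global sts.amazonaws.com endpoint is used (a regional STS
# endpoint is recorded with that region instead).
GLOBAL_SERVICE_SOURCES = {
    "iam.amazonaws.com",
    "route53.amazonaws.com",
    "cloudfront.amazonaws.com",
    "sts.amazonaws.com",
}

# Constructed sample in the shape of a CloudTrail log file ({"Records": [...]}),
# trimmed to the fields this example uses. Account ID and times are placeholders.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-10T09:00:01Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateUser", "awsRegion": "us-east-1",
     "recipientAccountId": "111111111111"},
    {"eventTime": "2024-01-10T09:00:05Z", "eventSource": "route53.amazonaws.com",
     "eventName": "ChangeResourceRecordSets", "awsRegion": "us-east-1",
     "recipientAccountId": "111111111111"},
    {"eventTime": "2024-01-10T09:01:12Z", "eventSource": "sts.amazonaws.com",
     "eventName": "AssumeRole", "awsRegion": "us-east-1",      # global STS endpoint
     "recipientAccountId": "111111111111"},
    {"eventTime": "2024-01-10T09:01:40Z", "eventSource": "sts.amazonaws.com",
     "eventName": "AssumeRole", "awsRegion": "eu-west-2",      # regional STS endpoint
     "recipientAccountId": "111111111111"},
    {"eventTime": "2024-01-10T09:02:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "awsRegion": "eu-west-2",
     "recipientAccountId": "111111111111"},
    {"eventTime": "2024-01-10T09:03:30Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "awsRegion": "us-east-1",    # not a global service
     "recipientAccountId": "111111111111"},
]})


def load_records(log_text: str) -> list:
    """Parse one CloudTrail log file and return its Records list."""
    return json.loads(log_text)["Records"]


def is_global_service_event(record: dict) -> bool:
    """True when the record comes from a service with a single global control plane."""
    return record["eventSource"] in GLOBAL_SERVICE_SOURCES


def summarize_by_region(records) -> dict:
    """Count records per awsRegion, broken down by eventSource."""
    summary = defaultdict(Counter)
    for rec in records:
        summary[rec["awsRegion"]][rec["eventSource"]] += 1
    return summary


def unexpected_events(records, used_regions) -> list:
    """Records stamped with a region outside used_regions, ignoring
    global-service records, which legitimately land in us-east-1."""
    return [rec for rec in records
            if rec["awsRegion"] not in used_regions
            and not is_global_service_event(rec)]


if __name__ == "__main__":
    recs = load_records(SAMPLE_LOG)
    for region, sources in sorted(summarize_by_region(recs).items()):
        print(region, dict(sources))
    for rec in unexpected_events(recs, used_regions={"eu-west-2"}):
        print("investigate:", rec["awsRegion"], rec["eventSource"], rec["eventName"])
```

Run against real log files, the only us-east-1 records a region-restricted organisation should see are the global-service ones; an EC2 `RunInstances` in us-east-1, as in the last sample record, is the kind of entry worth a closer look rather than something explained by control-plane placement. The records only arrive at all if the trail has `IncludeGlobalServiceEvents` set, which `aws cloudtrail describe-trails` reports per trail.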
