Setting up audit archiving in AWS
After you set up a credential for audit event archiving, you need to configure CDP.
| Field name | General description | AWS |
|---|---|---|
| storage location | Where in cloud storage to save audit events | S3 bucket name |
| credential | Name of the credential to use when writing to cloud storage | credential name as saved in the control plane |
| enabled | A Boolean indicating whether archiving is enabled | true |
| storage region | Region where storage services should be accessed | AWS region, e.g., us-west-2 |
Create the credential for audit event archiving before configuring archiving itself. The credential is not tied to any environment; like the control plane itself, it exists outside of all environments. The associated role and its permissions require only write access to the storage location, including the ability to create files and folders.
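As an added illustration (not from the original page or Cloudera's documentation), the following is a least-privilege IAM policy for the archiving credential's role that grants only the write access described above. The bucket name is a placeholder, and it is my assumption that s3:PutObject alone covers "creating files and folders" (S3 folders are only key prefixes); if the control plane's verification step fails, check whether additional bucket-level actions are required.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AuditArchiveWriteOnlyAssumedSufficient",
      "Effect": "Allow",
      "Action": [
        "s3:PutObject"
      ],
      "Resource": "arn:aws:s3:::MY-AUDIT-BUCKET-PLACEHOLDER/*"
    }
  ]
}
```

Attach this as the only policy on the role; no read, list, or delete actions are granted, so a compromised credential cannot retrieve or remove archived audit events.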
The storage region is the region where the audit service (the control plane) accesses the cloud provider's storage service. For best results, this should be the same as the region where the control plane is running (for AWS-hosted audit archives, use the home region for the bucket). It does not have to be the same as the storage location's region.
    cdp audit configure-archiving \
        --storage-location <$MYBUCKET> \
        --credential-name myauditcredential \
        --storage-region <$HOME_REGION> \
        --enabled
- To disable archiving while retaining the other configuration information, use the --no-enabled option instead of the --enabled option.
- To only verify that the archiving configuration would work, without setting it, use the --verify-only option. The audit service attempts to archive a test audit event to verify that the configuration will work.
- To retrieve the current archiving configuration, use a command line like the following. (There are no required options.)

    cdp audit get-archiving-config