To configure archiving, you must set up a credential for audit event archiving and then
configure CDP.
You must have the cross-account role ARN obtained in the
previous task to finish setting up an AWS credential for audit event archiving.
Complete this task before you configure audit archiving. The
audit credential that you create here is not tied to an environment, and exists outside of any
environment, like the control plane itself. The associated role / permissions require write
access to the storage location, including the ability to create files and
folders.Required Role:
PowerUser
-
Use the following commands to create a new audit credential:
cdp environments set-aws-audit-credential \
--role-arn arn:aws:...
The role-arn information was provided when you created an IAM role.
You can view
audit credentials with this
command:
cdp environments list-audit-credentials
- Make note of the credential name created by the command.
Proceed to Setting up audit archiving in AWS using the
CLI to complete the audit archiving setup.
