Configuring audit event archiving through the UI

To configure archiving, you must create an AWS IAM role specifically for audit event archiving. Then create an audit credential using the cross-account role ARN.

In AWS, create a new S3 bucket or designate an existing bucket for audit archiving. Be sure to block all public access. Audit events will be archived under the /cdp/cp folder, which will be created automatically by CDP.
  1. Log in to the CDP interface.
  2. In the left-side navigation menu, click Global Settings > Audit Data Configuration and then click Create.
  3. Select the AWS icon.
  4. Copy the cross-account access policy provided to you in the Create Cross-account Access Policy field, substituting your bucket name where indicated.
  5. From the AWS account hosting the bucket, create an IAM role for another AWS account, in this case, for the account running the CDP Control Plane.
    Include the policy that you copied as the only one in the role.

    For detailed instructions on creating an AWS IAM cross-account role, see Create a cross-account IAM role, starting with "1. Log into the AWS Management Console." Although the audit event archiving credential requires a unique policy and cross-account Role ARN, the process is largely the same as creating a role-based credential during environment registration.

  6. When you finish creating the new cross-account policy and role in AWS, copy the Role ARN from the Role Summary page in the AWS Management Console and return to CDP. Paste the Role ARN into the Cross-account role ARN field.
  7. Click Create.
  8. Configure the audit data location with the name of the S3 bucket that you designated as the audit archive bucket.
  9. Select the AWS region where storage services should be accessed.
  10. Use the toggle button to enable or disable audit log export to the configured storage location.
  11. Click Save.
Audit event archiving configuration is complete.