个人中心
gpt4 book ai didi

aws-cloudformation - 使用 cloudform 模板的 cloudtrail 日志

转载 作者:行者123 更新时间:2023-12-02 16:51:40 28 4
gpt4 key购买 nike

在 cloud-trail 中,我可以在 CloudWatch Logs 部分下选择现有日志组 CloudTrail/DefaultLogGroup。是否可以使用cloudformation模板完成此步骤?

enter image description here

最佳答案

假设您也使用 CloudFormation 创建日志组:

LogGroup: # A new log group
  Type: AWS::Logs::LogGroup
  Properties:
    RetentionInDays: 365 # optional

CloudTrailLogsRole: # A role for your trail
  Type: AWS::IAM::Role
  Properties:
    AssumeRolePolicyDocument:
      Statement:
      - Action: sts:AssumeRole
        Effect: Allow
        Principal:
          Service: cloudtrail.amazonaws.com
      Version: '2012-10-17'

CloudTrailLogsPolicy: # The policy for your role
  Type: AWS::IAM::Policy
  Properties:
    PolicyDocument:
      Statement:
      - Action:
        - logs:PutLogEvents
        - logs:CreateLogStream
        Effect: Allow
        Resource:
          Fn::GetAtt:
          - LogGroup
          - Arn
      Version: '2012-10-17'
    PolicyName: DefaultPolicy
    Roles:
    - Ref: CloudTrailLogsRole

CloudTrail: # The trail
  Type: AWS::CloudTrail::Trail
  Properties:
    IsLogging: true
    CloudWatchLogsLogGroupArn:
      Fn::GetAtt:
      - LogGroup
      - Arn
    CloudWatchLogsRoleArn:
      Fn::GetAtt:
      - CloudTrailLogsRole
      - Arn
  DependsOn:
  - CloudTrailLogsPolicy
  - CloudTrailLogsRole

如果使用现有日志组:

CloudTrailLogsRole: # A role for your trail
  Type: AWS::IAM::Role
  Properties:
    AssumeRolePolicyDocument:
      Statement:
      - Action: sts:AssumeRole
        Effect: Allow
        Principal:
          Service: cloudtrail.amazonaws.com
      Version: '2012-10-17'

CloudTrailLogsPolicy: # The policy for your role
  Type: AWS::IAM::Policy
  Properties:
    PolicyDocument:
      Statement:
      - Action:
        - logs:PutLogEvents
        - logs:CreateLogStream
        Effect: Allow
        Resource: <your existing log group arn here>
      Version: '2012-10-17'
    PolicyName: DefaultPolicy
    Roles:
    - Ref: CloudTrailLogsRole

CloudTrail: # The trail
  Type: AWS::CloudTrail::Trail
  Properties:
    IsLogging: true
    CloudWatchLogsLogGroupArn: <your existing log group arn here>
    CloudWatchLogsRoleArn:
      Fn::GetAtt:
      - CloudTrailLogsRole
      - Arn
  DependsOn:
  - CloudTrailLogsPolicy
  - CloudTrailLogsRole

关于aws-cloudformation - 使用 cloudform 模板的 cloudtrail 日志,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/58424540/

28 4 0
文章推荐: Angular Universal npm run serve :ssr returns "document is not defined"
文章推荐: react-native - 如何获取 Expo 静态深层链接进行开发?
文章推荐: angular - 防止值更改触发自动完成 setValue
文章推荐: jsf - PrimeFaces 7.0 Ajax 更新警告
行者123
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com