Stax provisions S3 buckets for storing AWS service logs as part of the Organization Assurance process. For each of these services a bucket is created in the logging account. Each S3 bucket has a corresponding SNS topic which allows for receiving notifications when files are created. Subscribe to SNS topics to integrate these logs with other systems.
Before You Begin
- Time to complete: 5 minutes
- Ensure you have access to log in to your organization's logging account with permissions to read content in S3 buckets
Locate the S3 Bucket and SNS Topic for a Service
Each S3 bucket and SNS topic resides in your logging account. If you cannot access the logging account, contact an administrator of your Stax tenancy.
Once logged into the logging account, you can proceed to locate the S3 bucket and/or SNS topic. These buckets and topics include, for uniqueness, the UUID (UUIDv4) which represents your organization identifier within Stax.
| AWS Service | S3 Bucket | SNS Topic |
|---|---|---|
| AWS Config | stax-config-<org-uuid> |
stax-config-<org-uuid> |
| AWS Systems Manager Session Manager | stax-session-manager-<org-uuid> |
stax-session-manager-<org-uuid> |
| AWS CloudTrail | stax-cloudtrail-<org-uuid> |
cloudtrail-<org-uuid> |
In each case above, the <org_uuid> placeholder is replaced by the UUID representing your Stax tenancy/AWS Organization within Stax.
The SNS topics for each service are encrypted using a KMS key with the same alias as the topic name.
Stax also provisions buckets which store the S3 access logs for these service buckets. This can be used to meet audit requirements. These are as follows:
| AWS Service | S3 Bucket |
|---|---|
| AWS Config Service | stax-config-accesslog-<org-uuid> |
| AWS Systems Manager Session Manager | stax-session-manager-accesslog-<org-uuid> |
| AWS CloudTrail | stax-cloudtrail-accesslog-<org-uuid> |