You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
* Ensure that the AWS Account you're in is the account you want to store the logs. Additionally, ensure that the AWS account you're in has access to the AWS Organizations information within your AWS environment.
206
206
* You may have to register your AWS account as a delegated administrator within AWS CloudFormation, in order to run this code in an AWS account of your choosing. Please see the following link for more details: [Register a delegated administrator](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-orgs-delegated-admin.html)
207
207
2. Within the AWS Console, go to AWS CloudFormation.
208
-
3. Within AWS CloudFormation, go to StackSets.
208
+
3.To deploy the IAM Permissions within all child accounts: Within AWS CloudFormation, go to StackSets.
209
209
4. Within the StackSets screen, select Create StackSet.
210
-
5. In Step 1, under Specify Template, selecte Upload a template file, and use the AWS CloudFormation template provided in the permissions folder. [Link to the file](https://github.com/awslabs/assisted-log-enabler-for-aws/blob/main/permissions/ALE_child_account_role.yaml)
210
+
5. In Step 1, under Specify Template, select Upload a template file, and use the AWS CloudFormation template provided in the permissions folder. [Link to the file](https://github.com/awslabs/assisted-log-enabler-for-aws/blob/main/permissions/ALE_child_account_role.yaml)
211
211
6. In Step 2, under StackSet Name, add a descriptive name.
212
212
7. In Step 2, under Parameters, add the parameters required:
213
213
* AssistedLogEnablerPolicyName: You can leave this default, but you can also change it if desired.
9. In Step 4, under Deployment targets, select the option that fits for your AWS Organization.
219
219
* If you Deploy to Organization, it will deploy to all AWS accounts except the root AWS account. If you want to include that one, you can either deploy the template to the root AWS account directly, or use the other option (details below).
220
220
* If you Deploy to organizational units (OUs), you can deploy directly to OUs that you define, including the root OU.
221
-
10. In Step 4, under Specify Regions, select US East (N.Virginia)
221
+
10. In Step 4, under Specify Regions, select US East (N.Virginia).
222
222
* There's no need to select multiple regions here. This template only deploys AWS IAM resources, which are Global.
223
223
11. In Step 4, under Deployment options, leave the default settings.
224
224
12. In Step 5, review the settings you've set in the previous steps. If all is correct, check the box that states "I acknowledge that AWS CloudFormation might create IAM resources with custom names."
225
225
* Once this is submitted, you'll need to wait until the StackSet is fully deployed. If there are errors, please examine the error and ensure that all the information from the above steps are correct.
226
-
13. Once the StackSet is successfully deployed, click on the icon for AWS Cloudshell next to the search bar.
226
+
13. To deploy the IAM Permissions within the AWS Account where Assisted Log Enabler for AWS is being ran: Within AWS CloudFormation, go to Stacks.
227
+
14. Within the Stacks screen, go to the Create Stack dropdown, and select With new resources.
228
+
15. In Step 1, select Upload a template file, select Choose File, and use the AWS CloudFormation template provided in the permissions folder. [Link to the file](https://github.com/awslabs/assisted-log-enabler-for-aws/blob/main/permissions/ALE_child_account_role.yaml)
229
+
16. In Step 2, under Stack Name, add a descriptive name.
230
+
17. In Step 2, under Parameters, add the parameters required:
231
+
* AssistedLogEnablerPolicyName: You can leave this default, but you can also change it if desired.
232
+
* OrgId: Provide the AWS Organization ID
233
+
* SourceAccountNumber: Provide the source AWS account number that the Assisted Log Enabler for AWS will be running.
234
+
18. In Step 3, add any tags that you desire, as well as any permissions options that you want to select.
235
+
* The service-managed permissions work just fine for Assisted Log Enabler for AWS, but you can use self-service permissions if desired.
236
+
19. In Step 5, review the settings you've set in the previous steps. If all is correct, check the box that states "I acknowledge that AWS CloudFormation might create IAM resources with custom names."
237
+
* Once this is submitted, you'll need to wait until the StackSet is fully deployed. If there are errors, please examine the error and ensure that all the information from the above steps are correct.
238
+
20. Once both the StackSet and Stack are successfully deployed, click on the icon for AWS Cloudshell next to the search bar.
227
239
* Ensure that you're in a region where AWS CloudShell is currently available.
228
-
14. Once the session begins, download the Assisted Log Enabler within the AWS CloudShell session.
240
+
21. Once the session begins, download the Assisted Log Enabler within the AWS CloudShell session.
For analysing logs created by Assisted Log Enabler for AWS, consider taking a look at the AWS Security Analytics Bootstrap, a tool that provides an Amazon Athena analysis environment that's quick to deploy, ready to use, and easy to maintain. [Link](https://github.com/awslabs/aws-security-analytics-bootstrap)
298
+
284
299
285
300
## Costs
286
301
For answers to cost-related questions involved with this solution, refer to the following links:
@@ -292,7 +307,7 @@ For answers to cost-related questions involved with this solution, refer to the
292
307
293
308
294
309
## Feedback
295
-
Please use the Issues section to submit any feedback, such as features or recommendations, as well as any bugs that are encountered.
310
+
Please use the [Issues](https://github.com/awslabs/assisted-log-enabler-for-aws/issues) section to submit any feedback, such as features or recommendations, as well as any bugs that are encountered.
0 commit comments