Deliver ActionTrail and Cloud Config audit logs from all member accounts in your resource directory to a dedicated log archive account. Store logs in OSS for archival or SLS for real-time analysis.
Background
Log delivery to OSS or SLS incurs storage costs. Review the OSS Billing Overview or SLS Billing Overview.
Set up unified ActionTrail log delivery
Deliver management events from all member accounts in your resource directory to OSS or SLS.
- Log on to the Cloud Governance Center console.
- In the left-side navigation pane, choose .
- Select a blueprint and click Build.
  This example uses the standard blueprint.
- On the Configure Blueprint page, in the Added Items section, click Unified Delivery of ActionTrail Logs.
  Note: If the target item is not in the Added Items list, click Add Item to add it.
- From the Accounts drop-down list, select the target account for log delivery.
  By default, audit logs are delivered to the log archive account created in Step 3: Create core accounts.
- Enable your desired destination and configure its parameters.
  Destination: Deliver to SLS
  - Manual configuration:
    - Region: Region of the SLS Logstore.
    - Logstore Name: A globally unique name. Use your company name as a prefix, such as landingzone-actiontrail-xxxx.
  - Automatic configuration: Cloud Governance Center automatically creates a multi-account trail (landingzone-enterprise) that tracks all event types across all regions.
    Note: An existing multi-account trail in ActionTrail is reused.
  Destination: Deliver to OSS
  - Manual configuration:
    - Region: Region of the OSS bucket.
    - Bucket Name: A globally unique name. Use your company name as a prefix, such as landingzone-actiontrail-xxxx.
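
To confirm after setup that the trail has the properties described above (multi-account, all regions, all event types, delivered to the log archive account), the following added example audits a trail listing. It is not part of the original documentation: the field names assume the shape of an ActionTrail DescribeTrails response, the SLS ARN layout is assumed, and the account ID and sample response are constructed.

```python
import json

# Trail name from this page; the account ID is a constructed placeholder.
EXPECTED_TRAIL = "landingzone-enterprise"
ARCHIVE_ACCOUNT_ID = "100000000000001"

# Constructed sample shaped like DescribeTrails output (field names assumed).
SAMPLE_RESPONSE = json.loads("""
{"TrailList": [{
  "Name": "landingzone-enterprise",
  "IsOrganizationTrail": true,
  "TrailRegion": "All",
  "EventRW": "All",
  "Status": "Enable",
  "OssBucketName": "",
  "SlsProjectArn": "acs:log:cn-hangzhou:100000000000001:project/landingzone-actiontrail-xxxx"
}]}
""")

def audit_trail(response, name=EXPECTED_TRAIL, archive_account=ARCHIVE_ACCOUNT_ID):
    """Return a list of findings; an empty list means the trail matches the page."""
    trail = next((t for t in response.get("TrailList", []) if t.get("Name") == name), None)
    if trail is None:
        return [f"trail {name!r} not found"]
    findings = []
    if trail.get("IsOrganizationTrail") is not True:
        findings.append("trail is not multi-account")
    if trail.get("TrailRegion") != "All":
        findings.append(f"trail covers {trail.get('TrailRegion')!r}, not all regions")
    if trail.get("EventRW") != "All":
        findings.append(f"trail records {trail.get('EventRW')!r} events, not all")
    if trail.get("Status") != "Enable":
        findings.append("trail is not enabled")
    sls_arn = trail.get("SlsProjectArn") or ""
    if not sls_arn and not trail.get("OssBucketName"):
        findings.append("no OSS bucket or SLS project configured")
    # Assumed ARN layout: acs:log:<region>:<account-id>:project/<name>
    if sls_arn:
        parts = sls_arn.split(":")
        if len(parts) < 5 or parts[3] != archive_account:
            findings.append("SLS project is not in the log archive account")
    return findings

if __name__ == "__main__":
    for line in audit_trail(SAMPLE_RESPONSE) or ["OK: trail matches the expected settings"]:
        print(line)
```

Run it against the JSON returned for the management account and treat any finding as drift from the configuration this page sets up.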
Set up unified Cloud Config log delivery
Continuously deliver resource change data from all member accounts in your resource directory to OSS or SLS.
- Log on to the Cloud Governance Center console.
- In the left-side navigation pane, choose .
- Select a blueprint and click Build.
  This example uses the standard blueprint.
- On the Configure Blueprint page, in the Added Items section, click Unified Delivery of Cloud Config Logs.
  Note: If the target item is not in the Added Items list, click Add Item to add it.
- From the Accounts drop-down list, select the target account for log delivery.
  By default, audit logs are delivered to the log archive account created in Step 3: Create core accounts.
- Enable your desired destination and configure its parameters.
  Destination: Deliver to SLS
  - Manual configuration:
    - Region: Region of the SLS Logstore.
    - Logstore Name: A globally unique name. Use your company name as a prefix, such as landingzone-config-xxxx.
    - Data retention period: Retention period for audit logs in SLS. Logs are deleted after expiration.
  - Automatic configuration: Cloud Governance Center automatically creates a global account group (enterprise) to centrally manage resources, conformance packs, and rules across all member accounts.
    Note: An existing global account group in Cloud Config is reused.
  Destination: Deliver to OSS
  - Manual configuration:
    - Region: Region of the OSS bucket.
    - Bucket Name: A globally unique name. Use your company name as a prefix, such as landingzone-config-xxxx.
Manage log delivery configurations
After initial setup, modify delivery destinations and parameters as needed, such as enabling or disabling a destination or changing the OSS bucket or SLS Logstore.
- Log on to the Cloud Governance Center console.
- In the left-side navigation pane, choose .
- Click Edit next to the destination that you want to modify.
- Modify the destination and parameters, and then click OK.