AWS Control Tower Landing Zone logging configuration
Remarks
This allows you to manage logging options for the landing zone.
In the log configuration section, you can configure the retention time of the Amazon S3 log archive bucket, and the retention time of the logs for access to the bucket.
Use the following configuration to set up AWS Control Tower Landing Zone logging with organization-level AWS CloudTrail.
Retention time of the logs for access to the bucket.
Default
3650
Readonly loggingBucketRetentionDays
loggingBucketRetentionDays: number = 365
Retention time of the Amazon S3 log archive bucket
Default
365
Readonly organizationTrail
organizationTrail: boolean = true
Flag indicating whether organization-level AWS CloudTrail is configured.
Remarks
Note that the CloudTrail configured by AWS Control Tower at the organization level is different from the CloudTrail deployed by the solution. If both the AWS Control Tower CloudTrail and the solution-defined CloudTrail are enabled, two trails will be created.
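An added example (not taken from the original page) that places the three settings documented above in a `global-config.yaml` fragment and leaves the solution-defined CloudTrail off, so that only the Control Tower organization trail exists. The file name, the enclosing `controlTower` / `landingZone` / `logging` keys, the `accessLoggingBucketRetentionDays` name and the top-level `logging.cloudtrail` keys are assumptions; all values are constructed.

```yaml
# Fragment of global-config.yaml (added example, constructed values).
# The nesting controlTower -> landingZone -> logging is an assumption
# about where this block sits in the file; other settings are omitted.
controlTower:
  enable: true
  landingZone:
    logging:
      # Retention (days) of the Amazon S3 log archive bucket. Default: 365.
      loggingBucketRetentionDays: 365
      # Retention (days) of the logs for access to the bucket. Default: 3650.
      # Property name assumed; the page gives only its description and default.
      accessLoggingBucketRetentionDays: 3650
      # AWS Control Tower manages the organization-level CloudTrail.
      organizationTrail: true

# Solution-defined CloudTrail (assumed keys). Disabled here because
# enabling it together with organizationTrail above creates two trails.
logging:
  cloudtrail:
    enable: false
    organizationTrail: false
```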