tencent cloud

Feedback

Deliver Audit Logs to the Delegated Admin Account

Last updated: 2024-11-19 17:35:12

    Operation Scenarios

    Tencent Cloud supports the unified delivery of member account logs to the delegated administrator account to meet the demand of managing logs with independent account. This section introduces how to set up cross-account log delivery to the delegated administrator account in Landing Zone.

    Prerequisites

    1. The current account has logged in to the Tencent Cloud Console and entered the Control Center > Landing Zone page.
    2. You've successfully created a member account, or invited a member account to join the group. This will serve as the future log management account.
    3. You've already activated the Control Center successfully.

    Steps

    1. Navigate to the Organization service management page under Tencent Cloud Organization and click Add in the Config.
    
    
    
    Note:
    As the Control Center is associated with the configuration capabilities of other cloud products, the authorized use of delegated administrators will bring about the problem of permission amplification. The delegated administrator portal will be removed from the Control Center in the future. To ship audit logs in a unified manner, you only need to add a delegated administrator under Config and CloudAudit.
    2. Select the member account to be used as the log management account and click OK to complete the delegation. The CloudAudit service also needs an administrator to be delegated following this process. This section takes a Logging_account as an example for the log management account.
    
    3. Verify that the log management account 'Logging_account' already has a COS bucket for storing logs and copy the name of the COS bucket. If you don't have a bucket, please refer to the Creating Bucket document for creation.
    
    
    
    4. Navigate to Control Center > Landing Zone page, in the settings for the log delivery, choose an existing storage bucket (in delegated administrator account), select the delegated administrator 'Logging_account', then input the information of the existing COS bucket.
    
    
    
    5. After confirmation click Next: Preview, and you will navigate to the solution preview page.
    6. Once the solution preview is confirmed, click Start Execution to complete the CloudAudit log delivery.
    
    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support