aws-samples / iam-identity-center-team

Open-source temporary elevated access solution for AWS IAM Identity Center.
https://aws-samples.github.io/iam-identity-center-team/
MIT No Attribution

CloudTrail Event Data Store #284

Open vforvarun opened 1 month ago

vforvarun commented 1 month ago

We are trying to set up a CloudTrail Event Data Store (EDS) as a pre-requisite to deploy the TEAM solution.

As suggested in the bug report #236, we are creating the EDS using CloudFormation.

  1. In which account do we need to create the EDS?
  2. Should we create an EDS at the organizational level? If yes, then it needs to be created either in the Master Account or in the delegated admin account outside of TEAM. But the pre-requisites say that the TEAM account is the delegated admin account.
  3. But then there is another bug, #202, which prevents loading of the session logs if the EDS is created in an account other than the TEAM account.

So we are confused about how to create the EDS. The document is not very clear on what parameters to use for the EDS; can you please let us know what those are?

tawoyinfa commented 1 month ago

@vforvarun the EDS needs to be created in the same account where TEAM is deployed.
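As an added illustration (not part of this thread and not the TEAM project's own template), the following CloudFormation snippet shows the shape of an `AWS::CloudTrail::EventDataStore` resource that would be deployed in the same account as TEAM, as the maintainer states above. The store name, retention period, region scope and the management-event selector are assumptions made for this example; the exact values TEAM expects are documented in the project's pre-requisites, which this page does not reproduce, so check them before deploying.

```yaml
# Added example template: one CloudTrail Lake Event Data Store for the
# account where TEAM is deployed. All property values below are assumptions
# for illustration, not settings taken from the TEAM documentation.
AWSTemplateFormatVersion: "2010-09-09"
Description: Example CloudTrail Event Data Store deployed alongside TEAM (assumed settings)

Parameters:
  EventDataStoreName:
    Type: String
    Default: team-session-events        # assumed name
  RetentionDays:
    Type: Number
    Default: 90                         # assumed retention; adjust to your audit policy
    MinValue: 7
    MaxValue: 3653

Resources:
  TeamEventDataStore:
    Type: AWS::CloudTrail::EventDataStore
    Properties:
      Name: !Ref EventDataStoreName
      # Capture management events from all regions so console/API activity
      # during an elevated session is not missed because of region choice.
      MultiRegionEnabled: true
      # Single-account store, matching the guidance that the EDS lives in
      # the TEAM account. Whether an organization-wide store is appropriate
      # depends on the TEAM pre-requisites and where the delegated admin sits.
      OrganizationEnabled: false
      RetentionPeriod: !Ref RetentionDays
      # Protect the audit trail from accidental deletion.
      TerminationProtectionEnabled: true
      AdvancedEventSelectors:
        - Name: Management events only (assumed selector)
          FieldSelectors:
            - Field: eventCategory
              Equals:
                - Management

Outputs:
  EventDataStoreArn:
    Description: ARN of the event data store (pass to the TEAM deployment as its docs require)
    Value: !GetAtt TeamEventDataStore.EventDataStoreArn
```

Deploy it with `aws cloudformation deploy --template-file eds.yaml --stack-name team-eds` from credentials for the TEAM account, then confirm the store appears under CloudTrail Lake in that account before running the TEAM deployment.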