duo-labs / cloudtracker

CloudTracker helps you find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies.
BSD 3-Clause "New" or "Revised" License

Allow for Organization created trails #46

Open 0xdabbad00 opened 5 years ago

0xdabbad00 commented 5 years ago

Normal CloudTrail logs are stored in:

s3://my_log_bucket/OPTIONAL_PREFIX/AWSLogs/111111111111/CloudTrail/

Organization CloudTrail logs are stored in:

s3://my_log_bucket/OPTIONAL_PREFIX/AWSLogs/o-ORGANIZATION_ID/111111111111/CloudTrail/

I need to account for that o-ORGANIZATION_ID sub-directory.

One method may be to have in the config.yaml the full path to the CloudTrail logs, such as:

```yaml
accounts:
  - name: demo
    id: 111111111111
    iam: account-data/demo_iam.json
    cloudtrail_logs: s3://my_log_bucket/OPTIONAL_PREFIX/AWSLogs/o-ORGANIZATION_ID/111111111111/CloudTrail/
```
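The two S3 layouts described in this issue, and the `cloudtrail_logs` config key proposed above, can be handled by a small path resolver. The following is an added example written for this page, not CloudTracker's own code: it parses both the normal and the organization-trail object keys, builds the per-account prefix from its parts, and validates a `cloudtrail_logs` entry against the account's `id` so that one account's IAM policies are never graded against another account's CloudTrail activity. The sample keys are constructed, and the fallback `bucket`, `prefix` and `org_id` config keys are hypothetical.

```python
import re
from typing import Dict, Optional

# Constructed example object keys (not real log data), one per layout from the issue.
SAMPLE_KEYS = [
    "AWSLogs/111111111111/CloudTrail/us-east-1/2019/01/15/"
    "111111111111_CloudTrail_us-east-1_20190115T0000Z_abc.json.gz",
    "logs/AWSLogs/o-abc123def4/111111111111/CloudTrail/us-east-1/2019/01/15/"
    "111111111111_CloudTrail_us-east-1_20190115T0000Z_def.json.gz",
]

# Organization IDs are "o-" followed by 10-32 lowercase letters or digits.
ORG_ID = r"o-[a-z0-9]{10,32}"

# Layout of a single CloudTrail log object. The optional organization segment is
# the only difference between a normal trail and an organization trail.
CLOUDTRAIL_KEY_RE = re.compile(
    r"^(?P<prefix>(?:[^/]+/)*?)"            # optional user-supplied prefix
    r"AWSLogs/"
    r"(?:(?P<org_id>" + ORG_ID + r")/)?"    # present only for organization trails
    r"(?P<account_id>\d{12})/"
    r"CloudTrail/"
    r"(?P<region>[a-z0-9-]+)/"
    r"(?P<year>\d{4})/(?P<month>\d{2})/(?P<day>\d{2})/"
    r"(?P<filename>[^/]+)$"
)

# Layout of the per-account prefix that a config.yaml `cloudtrail_logs` entry points at.
LOG_PREFIX_RE = re.compile(
    r"^s3://(?P<bucket>[^/]+)/"
    r"(?P<prefix>(?:[^/]+/)*?)"
    r"AWSLogs/"
    r"(?:(?P<org_id>" + ORG_ID + r")/)?"
    r"(?P<account_id>\d{12})/"
    r"CloudTrail/?$"
)


def parse_cloudtrail_key(key: str) -> Optional[Dict[str, Optional[str]]]:
    """Return the parts of a CloudTrail object key, or None if it is not one."""
    match = CLOUDTRAIL_KEY_RE.match(key)
    if not match:
        return None
    parts = match.groupdict()
    parts["prefix"] = (parts["prefix"] or "").rstrip("/")
    return parts


def log_prefix_for_account(bucket: str, prefix: str, account_id: str,
                           org_id: Optional[str] = None) -> str:
    """Build the s3:// prefix holding one account's logs, inserting the
    organization segment only when an organization ID is given."""
    segments = [prefix.strip("/"), "AWSLogs"]
    if org_id:
        segments.append(org_id)
    segments += [account_id, "CloudTrail"]
    return "s3://" + bucket + "/" + "/".join(s for s in segments if s) + "/"


def resolve_log_location(account: dict) -> str:
    """Given one entry under `accounts:` in config.yaml, return the prefix to scan.

    Prefers the explicit `cloudtrail_logs` key proposed in the issue and checks that
    the account ID embedded in that path matches the entry's `id`. Falls back to the
    hypothetical `bucket`, `prefix` and `org_id` keys when no full path is given.
    """
    account_id = str(account["id"])
    if "cloudtrail_logs" in account:
        url = account["cloudtrail_logs"]
        match = LOG_PREFIX_RE.match(url)
        if not match:
            raise ValueError(f"{url!r} is not a CloudTrail log prefix")
        if match.group("account_id") != account_id:
            raise ValueError(
                f"cloudtrail_logs points at account {match.group('account_id')} "
                f"but this entry is for account {account_id}"
            )
        return log_prefix_for_account(match.group("bucket"), match.group("prefix"),
                                      account_id, match.group("org_id"))
    return log_prefix_for_account(account["bucket"], account.get("prefix", ""),
                                  account_id, account.get("org_id"))


if __name__ == "__main__":
    for key in SAMPLE_KEYS:
        parts = parse_cloudtrail_key(key)
        print("org trail" if parts and parts["org_id"] else "normal trail", key)
    demo = {"name": "demo", "id": 111111111111,
            "cloudtrail_logs": "s3://my_log_bucket/OPTIONAL_PREFIX/AWSLogs/"
                               "o-abc123def4/111111111111/CloudTrail/"}
    print(resolve_log_location(demo))
```

When scanning a bucket, `parse_cloudtrail_key` lets a single listing loop classify objects from either layout without a layout-specific branch, and the ID cross-check in `resolve_log_location` turns a copy-paste mistake in config.yaml into an immediate error rather than a misleading report.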