AWS Graylog plugin with multiple accounts


(Naggappan) #1

Hi, I used the Graylog AWS plugin and was able to make it work. Now, when I wanted to use the same Graylog server from multiple accounts, I tried the following:

Create an S3 bucket with permissions from different accounts, and that works.
Now all CloudTrail logs come to the above account. But the Graylog AWS plugin needs SNS also, so I created an SNS topic with the permissions below. Still, when I enable CloudTrail it accepts the cross-account S3 bucket but not the SNS.

{
  "Version": "2012-10-17",
  "Id": "AWSAccountTopicAccess",
  "Statement": [
    {
      "Sid": "give-1234-publish",
      "Effect": "Allow",
      "Principal": {
        "AWS": "My-different-account-id-from-where-cloud-trial-send-logs"
      },
      "Action": ["sns:Publish"],
      "Resource": "arn:aws:sns:us-east-1:actual-account-id-graylog-server-use-this-credentials:my-topic"
    }
  ]
}


(Jan Doberstein) #2

Something like that is currently not supported. You can open a feature request over at GitHub:


(Naggappan) #3

But the AWS docs page says cross-account SNS is supported, right?

So if this is not the case, do you have any idea how I can get all logs to Graylog from a different account?


#4

Hi, try adding the account numbers in the Basic tab ("Only these AWS users") of the SNS topic policy, under "Allow these users to publish messages to this topic". Do this before specifying the SNS topic's ARN in the CloudTrail setup in the source account.


(Naggappan) #5

Hi, I deleted my SNS topic in my master account and then created a new one. In the Basic tab I gave 2 AWS account IDs.
Then in the other AWS account I deleted the existing CloudTrail and created a new one with the ARN as "arn:aws:sns:us-east-1:XXXXXXXX:mycustomer" or only with "mycustomer"; it still says to check the SNS topic policy.
Does AWS really support cross-account SNS for CloudTrail?

Steps tried for the policy as described here: https://docs.aws.amazon.com/sns/latest/dg/AccessPolicyLanguage_UseCases_Sns.html


#6

This sort of centralized logging in AWS works fine and is the suggested architecture put forward by AWS. Review the AWS documentation for this at https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-permissions-for-sns-notifications.html
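An added example, not written by any poster in this thread, showing in Python what the linked CloudTrail documentation describes: CloudTrail publishes to SNS as the service principal cloudtrail.amazonaws.com, so the topic policy must grant that principal rather than the source account's AWS principal, and aws:SourceArn / aws:SourceAccount conditions keep the grant to one trail. The ARNs and account IDs are constructed placeholders, and cloudtrail_topic_policy, allows_cloudtrail_publish and FORUM_STYLE_POLICY are hypothetical names chosen here.

```python
import json
# Constructed placeholder ARNs (not from the thread); substitute your own.
TOPIC_ARN = "arn:aws:sns:us-east-1:111111111111:my-topic"               # topic in the Graylog account
TRAIL_ARN = "arn:aws:cloudtrail:us-east-1:222222222222:trail/my-trail"  # trail in the source account

def cloudtrail_topic_policy(topic_arn, trail_arn):
    """Topic policy letting CloudTrail in the source account publish to the topic. CloudTrail
    publishes as its service principal, not as the source account's IAM identity, so the
    principal is cloudtrail.amazonaws.com; the conditions pin the grant to that one trail."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AWSCloudTrailSNSPolicy",
            "Effect": "Allow",
            "Principal": {"Service": "cloudtrail.amazonaws.com"},
            "Action": "SNS:Publish",
            "Resource": topic_arn,
            "Condition": {"StringEquals": {"aws:SourceArn": trail_arn,
                                           "aws:SourceAccount": trail_arn.split(":")[4]}},  # ARN account-id field
        }],
    }

def _as_list(v):
    return [v] if isinstance(v, str) else list(v or [])

def allows_cloudtrail_publish(policy, topic_arn):
    """Return (allowed, unscoped_sids): whether an Allow statement grants SNS:Publish on topic_arn
    to the CloudTrail service principal, and which such statements lack a SourceArn/SourceAccount
    condition (a trail in any account could then publish to the topic)."""
    allowed, unscoped = False, []
    for st in policy.get("Statement", []):
        principal = st.get("Principal", {})
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        actions = [a.lower() for a in _as_list(st.get("Action"))]
        resources = _as_list(st.get("Resource"))
        if (st.get("Effect") != "Allow" or "cloudtrail.amazonaws.com" not in services
                or not any(a in ("sns:publish", "sns:*", "*") for a in actions)
                or (topic_arn not in resources and "*" not in resources)):
            continue
        allowed = True
        cond = json.dumps(st.get("Condition", {}))
        if "aws:SourceArn" not in cond and "aws:SourceAccount" not in cond:
            unscoped.append(st.get("Sid", "<no sid>"))
    return allowed, unscoped

# Constructed copy of the thread's approach: it names the source account as an AWS principal,
# which is not the identity CloudTrail publishes as, so the check reports no CloudTrail grant.
FORUM_STYLE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "give-1234-publish", "Effect": "Allow", "Principal": {"AWS": "222222222222"},
    "Action": ["sns:Publish"], "Resource": TOPIC_ARN}]}
```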


(system) #7

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.