I'm trying to create an AWS Control Tower landing zone for my AWS organization, and am getting a message saying "You must unsubscribe your organization from AWS CloudTrail so that AWS Control Tower can proceed. During the setup process, AWS Control Tower creates a new trail in the audit account that's part of your landing zone." How do I do this? Does this mean stopping all CloudTrail trails from sending logs, or is there an organization-wide setting to disable?
How do I unsubscribe my AWS organization from CloudTrail?
2.8k Views Asked by Celina At
1
There is 1 best solution below
AWS Control Tower needs trusted access to be disabled for both CloudTrail and Config. To disable this, you need to log in to the Organization management account and go to AWS Organizations > Services > Disable Config/CloudTrail.
Trusted access enabled at an Organization level enables these services to inject service roles in all member accounts where they need to change something. Disabling this for CloudTrail would result in the Organization trail not working anymore; however, the master trail would still be intact. All shadow trails in member accounts would be disabled. AWS still allows you to search/filter/download CloudTrail management events in each of the member accounts for the last 90 days, it's just that they wouldn't be transferred to a central S3 bucket for storage.
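The console steps in the answer can be checked before they are carried out. As an added example (not part of the original answer), this sketch reads responses shaped like `aws organizations list-aws-service-access-for-organization` and `aws cloudtrail describe-trails`, reports which of the two service principals still block Control Tower setup, and lists the organization trails whose central delivery would stop. The sample responses and function names are constructed for illustration.

```python
import json

# Service principals the answer says must have trusted access disabled.
REQUIRED_OFF = ("cloudtrail.amazonaws.com", "config.amazonaws.com")

# Constructed sample responses, shaped like the output of
#   aws organizations list-aws-service-access-for-organization
#   aws cloudtrail describe-trails
SAMPLE_ACCESS = json.loads("""{"EnabledServicePrincipals": [
  {"ServicePrincipal": "cloudtrail.amazonaws.com", "DateEnabled": "2023-01-10T09:00:00Z"},
  {"ServicePrincipal": "sso.amazonaws.com", "DateEnabled": "2023-01-11T09:00:00Z"}]}""")
SAMPLE_TRAILS = json.loads("""{"trailList": [
  {"Name": "org-trail", "IsOrganizationTrail": true, "S3BucketName": "example-central-logs"},
  {"Name": "local-trail", "IsOrganizationTrail": false, "S3BucketName": "example-local-logs"}]}""")


def blocking_principals(access):
    """Return the principals from REQUIRED_OFF that still have trusted access."""
    enabled = {p["ServicePrincipal"] for p in access.get("EnabledServicePrincipals", [])}
    return [p for p in REQUIRED_OFF if p in enabled]


def affected_org_trails(trails):
    """Organization trails, which per the answer stop working once access is off."""
    return [(t["Name"], t.get("S3BucketName")) for t in trails.get("trailList", [])
            if t.get("IsOrganizationTrail")]


def preflight(access, trails):
    """Build a plan: what blocks setup, which logging is affected, what to run."""
    blocking = blocking_principals(access)
    plan = {"blocking": blocking, "org_trails": [], "commands": []}
    if "cloudtrail.amazonaws.com" in blocking:
        plan["org_trails"] = affected_org_trails(trails)
    plan["commands"] = [
        "aws organizations disable-aws-service-access --service-principal " + p
        for p in blocking]
    return plan


if __name__ == "__main__":
    print(json.dumps(preflight(SAMPLE_ACCESS, SAMPLE_TRAILS), indent=2))
```

Recording the affected trails and their buckets first gives you a list of central log destinations to re-verify once Control Tower has created its own trail.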