I'm trying to create an AWS Control Tower landing zone for my AWS organization, and am getting a message saying You must unsubscribe your organization from AWS CloudTrail so that AWS Control Tower can proceed. During the setup process, AWS Control Tower creates a new trail in the audit account that's part of your landing zone. How do I do this? Does this mean stopping all CloudTrail trails from sending logs, or is there an organization-wide setting to disable?
How do I unsubscribe my AWS organization from CloudTrail?
2.8k Views Asked by Celina At
1
There are 1 best solutions below
Related Questions in AMAZON-WEB-SERVICES
- "Access Denied" - User's Permissions to S3 Bucket
- Cohort analysis with Amazon Redshift / PostgreSQL
- Using Amazon KMS service on Heroku
- can't ssh in after cloning an EC2 instance on Amazon AWS
- Using HDFS with Apache Spark on Amazon EC2
- How can I access Mule ESB Community edition via browser?
- AWS EC2: Migrating from Windows to Linux Server
- AWS ELB Load Balancer: is it possible to set multiple session cookies?
- AWS Flow Framework: Can we run activity worker and activity task on different EC2 instances
- Unable to access files from public s3 bucket with boto
- Cloudfront stream only part of the video
- s3cmd not working as cron-task when echos/dates are added
- How to deploy django 1.8 on Elastic Beanstalk using Docker
- InstanceProfile is required for creating cluster - create python function to install module
- How to fix WordPress HTTPS issues when behind an Amazon Load Balancer?
Related Questions in AMAZON-CLOUDTRAIL
- Sending SNS notifications when there is an IAM Change
- Parse CloudTrail logs with Python
- Recover access logs of AWS before activate ClouldTrail
- How to read AWS CloudTrail JSON Logs into a pandas dataframe
- Audit Logging for AWS QuickSight
- Trigger alarm based on a rate-limit on S3 GetObject and DeleteObject requests
- ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1123)
- Log all requests made to DynamoDB
- Parse Additional Fields in ELK
- Fetching User Details for Triggered AWS Glue Job
- Create an Eventbridge rule from a Cloudtrail event in order to trigger a Lambda
- AWS RDS Creation Notification Mail using lambda function
- CloudTrail logs for Cross-Account Athena queries to remote Glue Data Catalogue
- Get real IAM username of the STS AssumeRole issuer
- Instace Type Change log
Related Questions in AWS-ORGANIZATIONS
- SCP - Deny all regions for all services except S3 and global services
- Which account does your CodeCommit reside in a multi-account setup?
- AWS Organization/IAM centralize roles and policies
- Create buckets in different accounts in organization
- AWS - Single occount (root user) with multiple Organizations
- AWS Cli calls in bash script variable assignment when sending parent-id/child-id
- AWS SCP Tag Enforcer failing
- Managing child accounts in AWS Organizations
- AWS Cost Explorer discrepancy for Root and linked account
- How can an SCP allow users to create buckets but deny making them public?
- in aws orgazination, use paginate to list all accounts
- AWS Organisations list_accounts returns accounts from non-org management account
- AWS Access environments in different Organizations using the same account
- i can't find the organisation i created in amazon work mails
- To by pass the SUSPENDED AWS accounts using AWS Organizations API
Related Questions in AWS-CONTROL-TOWER
- Control Tower Life Cycle Events
- AWS Enable EBS Encryption via cloudformation
- How do I use AWS Control Tower but ignore the AWS SSO feature in favor of a custom ADFS approach?
- Setting up individual developer accounts in AWS Landing zone seup
- AWS Control Tower failed to set up your landing zone completely: ... because the log group already exists
- How to run aws-nuke across 2 different AWS organizations
- "Templates with transforms requires capabilities: CAPABILITY_AUTO_EXPAND" During Control Tower Customization deployment
- AWS Control Tower Automation
- How do I unsubscribe my AWS organization from CloudTrail?
- AWS Control Tower and Organizations
- AWS Control Tower setup failed
- How to configure automate_aws_accounts_creation_sso_users_assignment.yaml to run in a region of my choice?
- Cannot provision Control Tower Account Factory SC Product via Terraform
- aws-controltower-GuardrailsComplianceAggregator does not have access to config data from enrolled accounts
- AWS CloudShell not working after creating a new account with Control Tower
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
AWS Control Tower needs trusted access to be disabled for both Cloudtrail and Config. To disable this you need to login into the Organization management account, and go to AWS Organizations > Services > Disable Config/Cloudtrail.
Trusted access enabled at an Organization level enables these services to inject service roles in all member accounts where they need to change something. Disabling this for Cloudtrail would result in the Organization trail not working anymore, however the master trail would still be intact. All shadow trails in member accounts would be disabled. AWS still allows you to search/filter/download cloudtrail management events in each of the member accounts for last 90 days, just that they wouldn't be transferred to a central s3 bucket for storage.