Create a Data Bunker Account

Last Updated: September 2020

Author: Byron Pogson, Solution Architect


In this lab we will create a secure data bunker: a dedicated account that holds important security data in a secure location. Ensure that only members of your security team have access to this account. We will create a new security account, create a secure S3 bucket in that account, and then turn on CloudTrail for our organisation so that its logs are sent to the bucket in the security account. You may also want to consider what other data belongs there, such as secure backups.

If you are using AWS Control Tower, the steps in this lab cover what Control Tower has already configured for its Log Archive account.
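
The bucket in the security account needs a policy that lets the CloudTrail service, and nothing else, deliver the organisation trail's logs. The following is an added example, not part of the original lab: it builds that policy and audits it for statements that widen access. The bucket name, account ID and organisation ID are constructed placeholders, and the function names are hypothetical.

```python
import json

# Constructed placeholder values (assumptions); substitute your own.
BUCKET = "example-data-bunker-logs"
MGMT_ACCOUNT_ID = "111111111111"  # management account that owns the organisation trail
ORG_ID = "o-exampleorgid"

CLOUDTRAIL = {"Service": "cloudtrail.amazonaws.com"}
DELIVERY_ACTIONS = ("s3:GetBucketAcl", "s3:PutObject")

def bunker_bucket_policy(bucket, mgmt_account_id, org_id):
    """Bucket policy that lets only CloudTrail write organisation-trail logs."""
    arn = f"arn:aws:s3:::{bucket}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            # CloudTrail reads the bucket ACL before it delivers logs.
            {"Sid": "CloudTrailAclCheck", "Effect": "Allow", "Principal": CLOUDTRAIL,
             "Action": "s3:GetBucketAcl", "Resource": arn},
            # An organisation trail writes under the management account ID
            # prefix and under the organisation ID prefix.
            {"Sid": "CloudTrailWrite", "Effect": "Allow", "Principal": CLOUDTRAIL,
             "Action": "s3:PutObject",
             "Resource": [f"{arn}/AWSLogs/{mgmt_account_id}/*",
                          f"{arn}/AWSLogs/{org_id}/*"],
             "Condition": {"StringEquals":
                           {"s3:x-amz-acl": "bucket-owner-full-control"}}},
        ],
    }

def audit_policy(policy):
    """Return findings for Allow statements that go beyond log delivery."""
    findings = []
    for st in policy["Statement"]:
        if st["Effect"] != "Allow":
            continue
        sid = st.get("Sid", "<no Sid>")
        actions = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
        if st["Principal"] != CLOUDTRAIL:
            findings.append(f"{sid}: principal other than CloudTrail")
        if any(a not in DELIVERY_ACTIONS for a in actions):
            findings.append(f"{sid}: action beyond log delivery")
        if "s3:PutObject" in actions and "Condition" not in st:
            findings.append(f"{sid}: PutObject without ACL condition")
    return findings

if __name__ == "__main__":
    policy = bunker_bucket_policy(BUCKET, MGMT_ACCOUNT_ID, ORG_ID)
    print(json.dumps(policy, indent=2))
    print(audit_policy(policy) or "no findings")
```

Members of the security team reach the bucket through IAM permissions inside the security account, so the bucket policy itself does not need to name them.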

[Figure: Data bunker account structure]


  • A multi-account structure with AWS Organizations
  • You have access to a role with administrative access to the management account for your AWS Organization