Create a Data Bunker Account
Last Updated: September 2020
Author: Byron Pogson, Solution Architect
Introduction
In this lab we will create a secure data bunker. A data bunker is a secure account which will hold important security data in a secure location. Ensure that only members of your security team have access to this account. In this lab we will create a new security account, create a secure S3 bucket in that account and then turn on CloudTrail for our organisation to send these logs to the bucket in the secure data account. You may want to also think about what other data you need in there such as secure backups.
If you are using AWS Control Tower the steps in this lab cover what has already been configured for the Control Tower Log Archive Account.
Prerequisites
- A multi-account structure with AWS Organizations
- You have access to a role with administrative access to the management account for your AWS Organization
Costs
- Typically less than $1 per month if the account is only used for personal testing or training, and the tear down is not performed
- Amazon S3 pricing Amazon CloudFront Pricing
- AWS CloudTrail pricing
- AWS Pricing