Collecting Operation Logs Across Accounts Using CTS

Application Scenarios

Enterprises typically use different accounts to isolate different services and functions on the cloud. However, it is difficult for compliance auditors to obtain operation records for each service in an environment with multiple accounts. Collecting all the logs generated by all of the different accounts is time-consuming and error-prone.

This section describes how to aggregate operation audit logs of multiple accounts in an organization into the log archive account using an Organizations' trusted service.

Configuring CTS as a Trusted Service

1. Log in to Huawei Cloud as an organization administrator or using the management account and navigate to the Organizations console.
2. In the navigation pane, choose Services. On the displayed page, locate CTS and click Enable Access in the Operation column to configure CTS as a trusted service.
3. Locate CTS and click Specify Delegated Administrator in the Operation column. In the displayed dialog box, select the log archive account to set a delegated administrator for CTS.

Configuring an Organization Tracker

1. Log in to the management console as the delegated administrator (log archive account) and navigate to the CTS console.
2. In the navigation pane, choose Tracker List and click Enable CTS in the upper right corner. The system automatically creates a management tracker called system. For details about how to enable CTS, see Enabling CTS for the First Time.
3. In the tracker list, locate tracker system and click Configure in the Operation column.
4. On the Modify Tracker page, toggle on Apply to Organization and click Next.
5. On the Configure Tracker page, toggle on Transfer to OBS and select the log bucket created by the log archive account.
6. Click Next and click Configure. The organization tracker is configured.