Creating Audit and Log Archive AWS Accounts
You will need to create Audit and Log Archive accounts inside AWS Organizations. (Citadel uses AWS Organizations to manage your AWS accounts.)
Follow these steps to get started with AWS and to create a single AWS account.
Creating an AWS account within your AWS Organizations
To start, sign in to the AWS Management Console.
(You must sign in as a user with AWS Organizations management permissions or as root user.)
Once logged in, you can create member accounts that are immediately associated with your organization.
The information listed below is automatically copied from the management account to the new member account:
- Account name
- Phone number
- Company name
- Customer URL
- Company contact email
- Communication language
- Marketplace (vendor of the account in some AWS Regions)
To create a member account in your organization, you must have the following permissions:
- organizations:DescribeOrganization (required only when using the Organizations console)
- iam:CreateServiceLinkedRole (granted to the principal organizations.amazonaws.com so that the required service-linked role can be created in the member accounts)
- Access to the AWS Management Console
To create an AWS account that is automatically part of your organization, go to AWS Organizations > AWS accounts and click ‘Add an AWS Account’.
Creating the Audit AWS Account
Under the ‘Add an AWS Account’ form, fill out the items shown below:
- For AWS account name, enter Audit or a similar name
- For Email address of the account's owner, enter the email address of the account's owner. This email address cannot already be associated with another AWS account, because it becomes the user name of the account's root user. Follow these instructions to set your email.
- For IAM role name, leave it as default
After the account is created, under Organizations you should see a new account there with the name chosen. Copy the Account ID to a safe location because we will need this later when setting up Citadel.
Creating the Log Archive AWS Account
Follow the same instructions as creating the Audit account, except that:
- For AWS account name, enter Log Archive or a similar name
After the account is created, under Organizations you should see a new account there with the name chosen. Copy the Account ID to a secure location because we will need it later when setting up Citadel.
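The same two accounts can be created programmatically instead of through the console form. The script below is an added example, not Citadel's own code or an AWS sample: it submits a CreateAccount request through the AWS Organizations API, polls the asynchronous request until it reaches SUCCEEDED or FAILED, and returns the new Account ID so you can store it for the Citadel setup. It uses the real boto3 call names and response shapes (create_account / describe_create_account_status, and OrganizationAccountAccessRole, which is the console's default IAM role name); the caller also needs organizations:CreateAccount in addition to the permissions listed above. The FakeOrganizationsClient and the example.com addresses are constructed so the script runs offline; it also exercises the failure the page warns about, reusing an email address that already owns an account (FailureReason EMAIL_ALREADY_EXISTS).

```python
"""Create Audit and Log Archive member accounts in AWS Organizations.

Added example, not Citadel's code. Real usage: pass real_client(); the
FakeOrganizationsClient below is a constructed offline stand-in.
"""
import time

DEFAULT_ROLE_NAME = "OrganizationAccountAccessRole"  # console default for "IAM role name"


class AccountCreationFailed(Exception):
    """AWS reported the CreateAccount request as FAILED (carries FailureReason)."""


def real_client():
    """Live client; needs boto3 and management-account (or delegated) credentials."""
    import boto3  # imported lazily so the offline demo runs without boto3 installed
    return boto3.client("organizations")


def create_member_account(client, account_name, email, role_name=DEFAULT_ROLE_NAME,
                          poll_interval=0.0, max_polls=60):
    """Submit CreateAccount, poll DescribeCreateAccountStatus, return the Account ID.

    CreateAccount is asynchronous: the initial response only carries a request id
    (car-...), so the result must be polled. Raises AccountCreationFailed on FAILED.
    """
    response = client.create_account(
        Email=email, AccountName=account_name, RoleName=role_name)
    request_id = response["CreateAccountStatus"]["Id"]

    for _ in range(max_polls):
        status = client.describe_create_account_status(
            CreateAccountRequestId=request_id)["CreateAccountStatus"]
        state = status["State"]
        if state == "SUCCEEDED":
            return status["AccountId"]  # 12-digit id: record it for the Citadel setup
        if state == "FAILED":
            raise AccountCreationFailed(
                f"{account_name}: {status.get('FailureReason', 'UNKNOWN')}")
        time.sleep(poll_interval)  # still IN_PROGRESS
    raise TimeoutError(f"{account_name}: not finished after {max_polls} polls")


def create_citadel_accounts(client, audit_email, log_archive_email):
    """Create the two accounts this page describes; returns {account name: account id}."""
    wanted = (("Audit", audit_email), ("Log Archive", log_archive_email))
    return {name: create_member_account(client, name, email) for name, email in wanted}


class FakeOrganizationsClient:
    """Constructed stand-in mirroring the API response shapes (offline only).

    First poll of a request reports IN_PROGRESS, the second its final state.
    An email already used by an account makes the request FAIL with
    EMAIL_ALREADY_EXISTS, as the real service does.
    """

    def __init__(self):
        self._requests = {}
        self._emails_in_use = set()
        self._next_account = 111111111111  # constructed sample ids

    def create_account(self, Email, AccountName, RoleName, **kwargs):
        request_id = f"car-{len(self._requests) + 1:08x}"
        if Email in self._emails_in_use:
            final = {"State": "FAILED", "FailureReason": "EMAIL_ALREADY_EXISTS"}
        else:
            self._emails_in_use.add(Email)
            final = {"State": "SUCCEEDED", "AccountId": str(self._next_account)}
            self._next_account += 1
        self._requests[request_id] = {"polls": 0, "final": final, "name": AccountName}
        return {"CreateAccountStatus": {"Id": request_id, "AccountName": AccountName,
                                        "State": "IN_PROGRESS"}}

    def describe_create_account_status(self, CreateAccountRequestId):
        req = self._requests[CreateAccountRequestId]
        req["polls"] += 1
        status = {"Id": CreateAccountRequestId, "AccountName": req["name"]}
        if req["polls"] < 2:
            status["State"] = "IN_PROGRESS"
        else:
            status.update(req["final"])
        return {"CreateAccountStatus": status}


if __name__ == "__main__":
    client = FakeOrganizationsClient()  # replace with real_client() against AWS
    ids = create_citadel_accounts(client, "aws-audit@example.com", "aws-logs@example.com")
    print(ids)
```

Against a real organization, call create_citadel_accounts(real_client(), ...) and persist the returned dictionary; the two IDs are the values you would otherwise copy from the console. Because the request is asynchronous, never assume the account exists right after create_account returns: only a SUCCEEDED status carries the AccountId.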