aws-break-glass-role

Signin for BreakGlass user is not logged in every region

Open RickS-C137 opened this issue 6 months ago • 3 comments

The actions the BreakGlass user does are logged in CloudTrail, but at least for the signin, this depends on the region. By default it's only logged if the user signs in in us-east-1. All our resources are located in eu-central-1. If the user signs in there, nothing is logged. In my opinion it's not a good solution to just deploy the logging resources in every region, as the list of default regions is pretty long. They cannot be disabled as it's very error prone, as one can easily forget a region.

Either an easy-to-deploy logging across all regions needs to be added or a chance to limit the user to log in in dedicated regions.

Our organisation is only active in one region, eu-central-1. IAM is a global service so it's logged in us-east-1.

### Tasks
- [ ] fix: extend region support for cloudtrail logs

RickS-C137 Jan 03 '24 10:01
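
An added example, not part of the issue or of the project's code: a check over CloudTrail `ConsoleLogin` records that lists the break-glass sign-ins recorded in a region where no sign-in monitoring is deployed, which is the gap reported above. The user name `BreakGlassUser`, the monitored-region set and the sample records are constructed assumptions.

```python
# Assumptions (not from the project): the break-glass user's name and the
# regions in which the sign-in monitoring resources are deployed.
BREAK_GLASS_USER = "BreakGlassUser"
MONITORED_REGIONS = {"us-east-1"}


def _rec(time, region, user, name="ConsoleLogin", outcome="Success"):
    """Build a constructed CloudTrail record, trimmed to the fields used below."""
    return {
        "eventTime": time,
        "awsRegion": region,
        "eventSource": "signin.amazonaws.com" if name == "ConsoleLogin" else "ec2.amazonaws.com",
        "eventName": name,
        "userIdentity": {"type": "IAMUser", "userName": user},
        "responseElements": {"ConsoleLogin": outcome} if name == "ConsoleLogin" else None,
    }


# Constructed sample data, not real log output.
SAMPLE_RECORDS = [
    _rec("2024-01-03T09:00:00Z", "us-east-1", "BreakGlassUser"),
    _rec("2024-01-03T09:10:00Z", "eu-central-1", "BreakGlassUser", outcome="Failure"),
    _rec("2024-01-03T09:12:00Z", "eu-central-1", "BreakGlassUser"),
    _rec("2024-01-03T09:15:00Z", "eu-central-1", "alice"),
    _rec("2024-01-03T09:20:00Z", "eu-central-1", "BreakGlassUser", name="DescribeInstances"),
]


def is_break_glass_signin(record, user=BREAK_GLASS_USER):
    """True for a console sign-in event (success or failure) by the break-glass user."""
    return (
        record.get("eventSource") == "signin.amazonaws.com"
        and record.get("eventName") == "ConsoleLogin"
        and record.get("userIdentity", {}).get("userName") == user
    )


def unmonitored_signins(records, monitored=MONITORED_REGIONS):
    """Return (time, region, outcome) for break-glass sign-ins outside monitored regions."""
    missed = []
    for rec in records:
        if is_break_glass_signin(rec) and rec.get("awsRegion") not in monitored:
            outcome = (rec.get("responseElements") or {}).get("ConsoleLogin")
            missed.append((rec["eventTime"], rec["awsRegion"], outcome))
    return sorted(missed)


def regions_needing_coverage(records, monitored=MONITORED_REGIONS):
    """Regions where a break-glass sign-in was recorded but nothing watches for it."""
    return sorted({region for _, region, _ in unmonitored_signins(records, monitored)})
```

Failed sign-ins are kept in the result on purpose, since a failed attempt on a break-glass account is as relevant to alerting as a successful one.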