aws-break-glass-role
Signin for BreakGlass user is not logged in every region
The actions the BreakGlass user does are logged in CloudTrail, but at least for the sign-in, this depends on the region. By default it's only logged if the user signs in in us-east-1. All our resources are located in eu-central-1. If the user signs in there, nothing is logged. In my opinion it's not a good solution to just deploy the logging resources in every region, as the list of default regions is pretty long. They cannot be disabled as it's very error-prone, as one can easily forget a region.
Either an easy-to-deploy logging across all regions needs to be added, or a chance to limit the user to log in in dedicated regions.
Our organisation is only active in one region, eu-central-1. IAM is a global service so it's logged in us-east-1.
### Tasks
- [ ] fix: extend region support for cloudtrail logs
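
The gap reported above can be checked against exported CloudTrail records. This is an added example, not part of the issue or the project's code: it lists console sign-ins of the break-glass user that were recorded in regions where no sign-in alerting is deployed. The user name `BreakGlass`, the monitored-region set and the sample records are constructed assumptions.

```python
import json

# Constructed sample CloudTrail records (illustrative, not real log data).
SAMPLE_RECORDS = json.loads("""[
 {"eventTime": "2024-01-10T08:00:00Z", "eventSource": "signin.amazonaws.com",
  "eventName": "ConsoleLogin", "awsRegion": "us-east-1",
  "userIdentity": {"type": "IAMUser", "userName": "BreakGlass"},
  "responseElements": {"ConsoleLogin": "Success"}},
 {"eventTime": "2024-01-10T09:16:00Z", "eventSource": "signin.amazonaws.com",
  "eventName": "ConsoleLogin", "awsRegion": "eu-central-1",
  "userIdentity": {"type": "IAMUser", "userName": "BreakGlass"},
  "responseElements": {"ConsoleLogin": "Success"}},
 {"eventTime": "2024-01-10T09:15:00Z", "eventSource": "signin.amazonaws.com",
  "eventName": "ConsoleLogin", "awsRegion": "eu-central-1",
  "userIdentity": {"type": "IAMUser", "userName": "BreakGlass"},
  "responseElements": {"ConsoleLogin": "Failure"}},
 {"eventTime": "2024-01-10T09:20:00Z", "eventSource": "signin.amazonaws.com",
  "eventName": "ConsoleLogin", "awsRegion": "eu-central-1",
  "userIdentity": {"type": "IAMUser", "userName": "alice"},
  "responseElements": {"ConsoleLogin": "Success"}},
 {"eventTime": "2024-01-10T09:17:00Z", "eventSource": "ec2.amazonaws.com",
  "eventName": "DescribeInstances", "awsRegion": "eu-central-1",
  "userIdentity": {"type": "IAMUser", "userName": "BreakGlass"},
  "responseElements": null}
]""")

def console_signins(records, user_name):
    """Yield ConsoleLogin records of the given IAM user."""
    for rec in records:
        ident = rec.get("userIdentity") or {}
        if (rec.get("eventSource") == "signin.amazonaws.com"
                and rec.get("eventName") == "ConsoleLogin"
                and ident.get("type") == "IAMUser"
                and ident.get("userName") == user_name):
            yield rec

def unmonitored_signins(records, user_name, monitored_regions):
    """Return sorted (time, region, result) for sign-ins outside monitored regions."""
    missed = []
    for rec in console_signins(records, user_name):
        region = rec.get("awsRegion", "unknown")
        if region not in monitored_regions:
            result = (rec.get("responseElements") or {}).get("ConsoleLogin", "unknown")
            missed.append((rec.get("eventTime", ""), region, result))
    return sorted(missed)

if __name__ == "__main__":
    # Assumption: alerting is only deployed in us-east-1, as the issue describes.
    for row in unmonitored_signins(SAMPLE_RECORDS, "BreakGlass", {"us-east-1"}):
        print(*row)
```

The records need to come from a source that actually receives events from every region, such as a multi-region trail; otherwise the regional sign-ins are missing from the input as well.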