Level 100: Create a Data Bunker Account


In this lab we will create a secure data bunker: a secure account that holds important security data in a secure location. Ensure that only members of your security team have access to this account. We will create a new security account, create a secure S3 bucket in that account, and then turn on CloudTrail for our organisation so that its logs are sent to the bucket in the secure data account. You may also want to think about what other data you need in there, such as secure backups.

If you are using AWS Control Tower, the steps in this lab cover what has already been configured for the Control Tower Log Archive Account.

Data bunker account structure


  • A multi-account structure with AWS Organizations
  • You have access to a role with administrative access to the root account for your AWS Organization

NOTE: You will be billed for the AWS CloudTrail logs and Amazon S3 storage set up as part of this lab. See AWS CloudTrail Pricing and Amazon S3 Pricing for further details.
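
An added example, not part of the original lab: Python that builds a bucket policy letting an organisation trail deliver logs to the data bunker bucket, plus a check that flags any Allow statement that admits a principal other than CloudTrail or is not pinned to the trail. The bucket name, organisation ID, account ID and trail ARN are constructed placeholders, and the function names are hypothetical.

```python
import json

CLOUDTRAIL = {"Service": "cloudtrail.amazonaws.com"}

def org_trail_bucket_policy(bucket, org_id, mgmt_account_id, trail_arn):
    """Bucket policy for a log bucket that receives an organisation trail."""
    arn = f"arn:aws:s3:::{bucket}"
    pin = {"aws:SourceArn": trail_arn}  # only this trail may use the grants
    return {"Version": "2012-10-17", "Statement": [
        # CloudTrail reads the bucket ACL before it delivers anything.
        {"Sid": "AWSCloudTrailAclCheck", "Effect": "Allow",
         "Principal": CLOUDTRAIL, "Action": "s3:GetBucketAcl",
         "Resource": arn, "Condition": {"StringEquals": pin}},
        # Organisation trails write under the management account ID and
        # under the organisation ID (member accounts).
        {"Sid": "AWSCloudTrailWrite", "Effect": "Allow",
         "Principal": CLOUDTRAIL, "Action": "s3:PutObject",
         "Resource": [f"{arn}/AWSLogs/{mgmt_account_id}/*",
                      f"{arn}/AWSLogs/{org_id}/*"],
         "Condition": {"StringEquals": {
             "s3:x-amz-acl": "bucket-owner-full-control", **pin}}},
        # Refuse every request that does not arrive over TLS.
        {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
         "Action": "s3:*", "Resource": [arn, f"{arn}/*"],
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    ]}

def audit(policy):
    """Return findings for Allow statements that widen access to the bucket."""
    findings = []
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        pinned = stmt.get("Condition", {}).get("StringEquals", {})
        if stmt.get("Principal") != CLOUDTRAIL:
            findings.append(f"{sid}: principal is not CloudTrail")
        elif "aws:SourceArn" not in pinned:
            findings.append(f"{sid}: no aws:SourceArn condition")
    return findings

if __name__ == "__main__":
    # Constructed placeholder values, not real identifiers.
    policy = org_trail_bucket_policy(
        "example-data-bunker-logs", "o-exampleorgid", "111111111111",
        "arn:aws:cloudtrail:us-east-1:111111111111:trail/example-org-trail")
    print(json.dumps(policy, indent=2))
    print(audit(policy) or "no findings")
```
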