- Enables centralized log collection from different AWS accounts and regions.
- Achieved by configuring Subscription Filters in each source account/region.
- Forward logs in near real-time to a centralized destination, such as:
- Amazon Kinesis Data Streams
- Amazon Kinesis Data Firehose
- Amazon S3 (via Firehose)
- Common in security monitoring and centralized analytics setups.
Example:
- Account A – Region 1, Account B – Region 2, Account B – Region 3
- Each forwards logs via subscription filters to a single aggregation pipeline in a logging account.