Difference between revisions of "Amazon S3 logging"
Jump to navigation
Jump to search
(12 intermediate revisions by the same user not shown) | |||
Line 10: | Line 10: | ||
* Terraform resource: <code>[[Terraform resource: aws_s3_bucket_logging|aws_s3_bucket_logging]]</code> | * Terraform resource: <code>[[Terraform resource: aws_s3_bucket_logging|aws_s3_bucket_logging]]</code> | ||
+ | * [[CLI]]: <code>[[aws s3api put-bucket-logging]]</code> | ||
+ | Limitations: | ||
+ | * The destination bucket must be in the same AWS Region and [[AWS account]] as the source bucket. | ||
+ | * S3 buckets that have [[S3 Object Lock]] enabled can't be used as destination buckets for server access logs | ||
+ | * Your destination bucket must not have a default [[retention period]] configuration. | ||
+ | Recomendations: | ||
+ | * we recommend that you use a [[bucket policy]] instead of [[ACLs]]. | ||
== News == | == News == | ||
Line 18: | Line 25: | ||
== Related == | == Related == | ||
* [[Logging requests with server access logging]] | * [[Logging requests with server access logging]] | ||
+ | * [[Enabling Amazon S3 server access logging]] | ||
+ | * [[AWS S3 Object Lock]]: <code>[[aws s3api put-object-lock-configuration]]</code> | ||
+ | * <code>[[logging.s3.amazonaws.com]]</code> | ||
+ | * Nov 2014 [[New Event Notifications for Amazon S3]]: <code>[[s3_bucket_notification]]</code> | ||
+ | * [[Stealth:S3/ServerAccessLoggingDisabled]] | ||
== See also == | == See also == |
Latest revision as of 05:40, 20 June 2024
Amazon S3 allows users to enable or disable logging. If enabled, the logs are stored in Amazon S3 buckets which can then be analyzed. These logs contain useful information such as:
- Date and time of access to requested content
- Protocol used (HTTP, FTP, etc.)
- HTTP status codes
- Turnaround time
- HTTP request message
- Terraform resource:
aws_s3_bucket_logging
- CLI:
aws s3api put-bucket-logging
Limitations:
- The destination bucket must be in the same AWS Region and AWS account as the source bucket.
- S3 buckets that have S3 Object Lock enabled can't be used as destination buckets for server access logs
- Your destination bucket must not have a default retention period configuration.
Recomendations:
- we recommend that you use a bucket policy instead of ACLs.
News[edit]
Related[edit]
- Logging requests with server access logging
- Enabling Amazon S3 server access logging
- AWS S3 Object Lock:
aws s3api put-object-lock-configuration
logging.s3.amazonaws.com
- Nov 2014 New Event Notifications for Amazon S3:
s3_bucket_notification
- Stealth:S3/ServerAccessLoggingDisabled
See also[edit]
- Amazon S3 logging,
aws s3 bucket logging
- AWS S3,
aws s3, aws s3api, aws s3control, s3:
, Amazon S3 Storage Lens, AWS S3 replication, CRR, SSR, CAR, S3 Replication Time Control (S3 RTC), Website endpoint, Amazon Macie, Versioning, Lifecycle, Encryption, logging, Amazon S3 Inventory, Amazon S3 Batch Operations, Storage Classes, Amazon S3 clients, Terraform S3, AWS canned ACLs, Directory buckets, security,PutObject
Advertising: