Difference between revisions of "Amazon S3 logging"

• https://docs.aws.amazon.com/AmazonS3/latest/userguide/logging-with-S3.html

Amazon S3 allows users to enable or disable logging. If enabled, the logs are stored in Amazon S3 buckets which can then be analyzed. These logs contain useful information such as:

• Date and time of access to requested content
• Protocol used (HTTP, FTP, etc.)
• HTTP status codes
• Turnaround time
• HTTP request message

• Terraform resource: aws_s3_bucket_logging
• CLI: aws s3api put-bucket-logging

Limitations:

• The destination bucket must be in the same AWS Region and AWS account as the source bucket.
• S3 buckets that have S3 Object Lock enabled can't be used as destination buckets for server access logs
• Your destination bucket must not have a default retention period configuration.

Recomendations:

• we recommend that you use a bucket policy instead of ACLs.

News

• Nov 2023 Amazon S3 server access logging now supports automatic date-based partitioning

Related

• Logging requests with server access logging
• Enabling Amazon S3 server access logging
• AWS S3 Object Lock: aws s3api put-object-lock-configuration
• logging.s3.amazonaws.com
• Nov 2014 New Event Notifications for Amazon S3: s3_bucket_notification
• Stealth:S3/ServerAccessLoggingDisabled

See also

• Amazon S3 logging, aws s3 bucket logging
• AWS S3, aws s3, aws s3api, aws s3control, s3:, Amazon S3 Storage Lens, AWS S3 replication, CRR, SSR, CAR, S3 Replication Time Control (S3 RTC), Website endpoint, Amazon Macie, Versioning, Lifecycle, Encryption, logging, Amazon S3 Inventory, Amazon S3 Batch Operations, Storage Classes, Amazon S3 clients, Terraform S3, AWS canned ACLs, Directory buckets, security, PutObject