Difference between revisions of "Amazon S3 logging"
Jump to navigation
Jump to search
Line 29: | Line 29: | ||
* <code>[[logging.s3.amazonaws.com]]</code> | * <code>[[logging.s3.amazonaws.com]]</code> | ||
* Nov 2014 [[New Event Notifications for Amazon S3]] | * Nov 2014 [[New Event Notifications for Amazon S3]] | ||
+ | * [[Stealth:S3/ServerAccessLoggingDisabled]] | ||
== See also == | == See also == |
Revision as of 11:44, 17 June 2024
Amazon S3 allows users to enable or disable logging. If enabled, the logs are stored in Amazon S3 buckets which can then be analyzed. These logs contain useful information such as:
- Date and time of access to requested content
- Protocol used (HTTP, FTP, etc.)
- HTTP status codes
- Turnaround time
- HTTP request message
- Terraform resource:
aws_s3_bucket_logging
- CLI:
aws s3api put-bucket-logging
Limitations:
- The destination bucket must be in the same AWS Region and AWS account as the source bucket.
- S3 buckets that have S3 Object Lock enabled can't be used as destination buckets for server access logs
- Your destination bucket must not have a default retention period configuration.
Recomendations:
- we recommend that you use a bucket policy instead of ACLs.
News
Related
- Logging requests with server access logging
- Enabling Amazon S3 server access logging
- AWS S3 Object Lock:
aws s3api put-object-lock-configuration
logging.s3.amazonaws.com
- Nov 2014 New Event Notifications for Amazon S3
- Stealth:S3/ServerAccessLoggingDisabled
See also
- Amazon S3 logging,
aws s3 bucket logging
- AWS S3,
aws s3, aws s3api, aws s3control, s3:
, Amazon S3 Storage Lens, AWS S3 replication, CRR, SSR, CAR, S3 Replication Time Control (S3 RTC), Website endpoint, Amazon Macie, Versioning, Lifecycle, Encryption, logging, Amazon S3 Inventory, Amazon S3 Batch Operations, Storage Classes, Amazon S3 clients, Terraform S3, AWS canned ACLs, Directory buckets, security,PutObject
Advertising: