Loading...

Auditing and Logging

To log details about calls for Amazon Simple Storage Service (S3) events, you can use the Amazon Web Services (AWS) CloudTrail service. The CloudTrail service can log actions taken by a user, a role, or an AWS service in Amazon S3. The log is helpful for things such as auditing and preserving the event trail about deleted S3 buckets or deleted objects that might contain important backup data.

To configure auditing and logging to log all accesses to S3 objects, including API accesses, you need to complete the following configuration:

  • On the AWS console, configure object-level S3 logging.
  • Place all logs in an S3 bucket that is owned by a separate account that is used only for auditing.

Related Topics

The following AWS documentation pages provide more information:

Last modified: 8/27/2020 9:31:09 PM