1 Answer
Flow logs are not the appropriate tool to use here because (as you've discovered) the bucket name isn't related to the IP address. Instead, it is part of the higher-level protocol (it's transmitted as part of the HTTPS request to the S3 API) - so even if you were doing deep-packet inspection, it would still be encrypted, which makes it difficult (again) to determine.
To get the information you require, you might try the following:
- Create an S3 Gateway Endpoint - this has no extra charge (in fact, it may reduce your NAT Gateway charges) and is transparent to your application(s).
- Enable S3 access logging - note that you will pay for storage of the logs so I'd recommend deleting old logs to save costs.
- The access log format has the source IP address of the requester in it.
Follow-up question: What do you need this information for?
Thanks for the answer! We need this information to monitor communication between EC2 and S3 for some analytics purpose.
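The answer's approach, shown as an added example that is not part of the original thread: parse S3 server access log records and total requests and bytes sent per (source IP, bucket) for sources inside the VPC. The sample records, the bucket names and the `10.0.0.0/16` VPC CIDR are constructed, and it assumes that instances reaching S3 through the gateway endpoint are logged with their private addresses.

```python
import ipaddress
import re

# Leading fields of an S3 server access log record, in documented order:
# owner, bucket, [time], remote IP, requester, request ID, operation, key,
# "request-URI", HTTP status, error code, bytes sent. Later fields are ignored.
LOG_RE = re.compile(
    r'^(?P<owner>\S+) (?P<bucket>\S+) \[(?P<time>[^\]]+)\] (?P<ip>\S+) '
    r'(?P<requester>\S+) (?P<request_id>\S+) (?P<operation>\S+) (?P<key>\S+) '
    r'"(?P<uri>(?:[^"\\]|\\.)*)" (?P<status>\S+) (?P<error>\S+) (?P<bytes_sent>\S+)'
)

# Constructed sample records (not real logs); the last line is deliberately malformed.
SAMPLE_LOGS = """\
OWNERID analytics-raw [06/Feb/2024:00:00:38 +0000] 10.0.1.25 arn:aws:sts::111122223333:assumed-role/app/i-0abc REQ1 REST.GET.OBJECT data/a.csv "GET /data/a.csv HTTP/1.1" 200 - 2048 2048 12 11 "-" "aws-sdk" -
OWNERID analytics-raw [06/Feb/2024:00:01:02 +0000] 10.0.1.25 arn:aws:sts::111122223333:assumed-role/app/i-0abc REQ2 REST.PUT.OBJECT data/b.csv "PUT /data/b.csv HTTP/1.1" 200 - - 4096 30 9 "-" "aws-sdk" -
OWNERID app-backups [06/Feb/2024:00:02:10 +0000] 10.0.2.7 arn:aws:sts::111122223333:assumed-role/job/i-0def REQ3 REST.GET.OBJECT db.dump "GET /db.dump HTTP/1.1" 200 - 512 512 8 7 "-" "aws-sdk" -
OWNERID analytics-raw [06/Feb/2024:00:03:00 +0000] 203.0.113.9 - REQ4 REST.GET.OBJECT data/a.csv "GET /data/a.csv HTTP/1.1" 403 AccessDenied 243 - 5 - "-" "curl" -
truncated record without the expected fields
"""


def traffic_by_bucket(lines, vpc_cidr):
    """Return ({(source_ip, bucket): [requests, bytes_sent]}, skipped_lines)."""
    net = ipaddress.ip_network(vpc_cidr)
    totals, skipped = {}, 0
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            skipped += 1          # malformed or truncated record
            continue
        try:
            src = ipaddress.ip_address(m["ip"])
        except ValueError:
            skipped += 1          # remote IP field is not an address
            continue
        if src not in net:
            continue              # requester is outside the VPC
        entry = totals.setdefault((str(src), m["bucket"]), [0, 0])
        entry[0] += 1
        # "-" means no bytes were sent (for example, a PUT response).
        entry[1] += int(m["bytes_sent"]) if m["bytes_sent"].isdigit() else 0
    return totals, skipped


if __name__ == "__main__":
    report, bad = traffic_by_bucket(SAMPLE_LOGS.splitlines(), "10.0.0.0/16")
    for (ip, bucket), (count, sent) in sorted(report.items()):
        print(f"{ip} -> {bucket}: {count} requests, {sent} bytes sent")
    print(f"skipped {bad} unparseable line(s)")
```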