
How do I see who accessed my Amazon S3 buckets and objects?


I want to track who's accessing my Amazon Simple Storage Service (Amazon S3) buckets and objects.

Resolution

You can record actions that users, roles, and AWS services take on your Amazon S3 resources, and maintain log records for audits and compliance requests. To record actions on your Amazon S3 resources, you can use server access logs, AWS CloudTrail logs, or a combination of both.

Server access logs

Server access logs provide detailed records for requests to your bucket. Use server access logs when you need detailed traffic analysis, access patterns, an audit of lifecycle actions, or granular request data.

Amazon S3 delivers server access log records on a best-effort basis. Most log records become available within a few hours of the time they are recorded, although some are delivered sooner.

You can deliver the server access logs of a bucket to another bucket owned by the same AWS account in the same AWS Region. The following are important considerations for destination buckets:

  • The destination bucket doesn't automatically provide server-side encryption of log records with AWS KMS keys (SSE-KMS). You must update the key policy to allow the log delivery service access.
  • The destination bucket can't have S3 Object Lock turned on.
  • The destination bucket must not have a default retention period configuration.

Server access logs are available only for general purpose buckets.

To activate server access logs, see Turning on Amazon S3 server access logging.

To analyze the server access logs with Amazon Athena, see How do I use Amazon Athena to analyze my Amazon S3 server access logs?
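As an added example that is not part of the AWS article, the following Python parser answers the page's question from server access log records: it tokenizes the space-delimited format (bracketed timestamp, quoted request URI and user agent), then groups requests by requester and flags unauthenticated requests, which carry "-" in the requester field. The log lines are constructed sample data, and the field list assumes the documented positional order of the leading fields.

```python
import re
from collections import defaultdict

# One token is a bracketed timestamp, a double-quoted string, or a bare field.
_TOKEN = re.compile(r'\[[^\]]*\]|"[^"]*"|\S+')

# Positional names for the leading fields of an S3 server access log record
# (assumed from the documented format; trailing fields are ignored here).
FIELDS = ["bucket_owner", "bucket", "time", "remote_ip", "requester",
          "request_id", "operation", "key", "request_uri", "http_status",
          "error_code", "bytes_sent", "object_size", "total_time",
          "turnaround_time", "referer", "user_agent", "version_id"]

def parse_access_log_line(line):
    """Split one server access log record into a dict keyed by field name."""
    tokens = _TOKEN.findall(line.strip())
    if len(tokens) < len(FIELDS):
        raise ValueError(f"short record ({len(tokens)} fields)")
    record = dict(zip(FIELDS, tokens))
    record["time"] = record["time"].strip("[]")
    for name in ("request_uri", "referer", "user_agent"):
        record[name] = record[name].strip('"')
    # Unauthenticated (anonymous) requests carry "-" as the requester.
    record["anonymous"] = record["requester"] == "-"
    return record

def summarize_access(lines):
    """Map each requester to the (operation, key, remote_ip) triples it
    performed; records that fail to parse are skipped, not fatal."""
    summary = defaultdict(set)
    for line in lines:
        if not line.strip():
            continue
        try:
            rec = parse_access_log_line(line)
        except ValueError:
            continue
        who = "ANONYMOUS" if rec["anonymous"] else rec["requester"]
        summary[who].add((rec["operation"], rec["key"], rec["remote_ip"]))
    return summary

# Constructed sample records (not real log data): two signed requests by one
# IAM user and one anonymous GET of a public object.
SAMPLE_LOG = """\
ownerid123 example-logs-src [10/Mar/2024:12:00:01 +0000] 198.51.100.7 arn:aws:iam::111122223333:user/alice REQ1EXAMPLE REST.GET.OBJECT reports/q1.csv "GET /reports/q1.csv HTTP/1.1" 200 - 4096 4096 12 10 "-" "aws-cli/2.15.0" - hostid1= SigV4 ECDHE-RSA-AES128-GCM-SHA256 AuthHeader example-logs-src.s3.us-east-1.amazonaws.com TLSV1.2 - -
ownerid123 example-logs-src [10/Mar/2024:12:00:05 +0000] 203.0.113.9 - REQ2EXAMPLE REST.GET.OBJECT public/index.html "GET /public/index.html HTTP/1.1" 200 - 512 512 8 7 "-" "Mozilla/5.0" - hostid2= - - QueryString example-logs-src.s3.us-east-1.amazonaws.com TLSV1.2 - -
ownerid123 example-logs-src [10/Mar/2024:12:00:09 +0000] 198.51.100.7 arn:aws:iam::111122223333:user/alice REQ3EXAMPLE REST.DELETE.OBJECT reports/q1.csv "DELETE /reports/q1.csv HTTP/1.1" 204 - - 4096 5 4 "-" "aws-cli/2.15.0" - hostid3= SigV4 ECDHE-RSA-AES128-GCM-SHA256 AuthHeader example-logs-src.s3.us-east-1.amazonaws.com TLSV1.2 - -
"""

if __name__ == "__main__":
    for who, actions in summarize_access(SAMPLE_LOG.splitlines()).items():
        print(who, sorted(actions))
```

The same grouping is what the Athena approach linked above gives you at scale; this script is for spot checks on a few downloaded log objects.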

AWS CloudTrail logs

Use CloudTrail to track API calls made to Amazon S3. CloudTrail records who made the request, when the request occurred, the source IP address, the request parameters, and the response elements. Use CloudTrail when you need audit trails for compliance, security analysis, or integration with AWS security services.

CloudTrail is available for general purpose buckets, directory buckets, table buckets, and vector buckets. CloudTrail provides faster log delivery than server access logging, with data events every 5 minutes and management events every 15 minutes. CloudTrail can deliver logs across Regions and accounts. Data events incur a charge, in addition to the charges for log storage.

For more information on CloudTrail logging, see Logging Amazon S3 API calls using AWS CloudTrail.

To activate CloudTrail logs, see Turning on CloudTrail event logging for S3 buckets and objects.

Related information

Logging options for Amazon S3

Identifying Amazon S3 requests using CloudTrail

AWS OFFICIAL. Updated 2 months ago.