How do I see who accessed my Amazon S3 buckets and objects?

I want to track who's accessing my Amazon Simple Storage Service (Amazon S3) buckets and objects.

Resolution

You can record actions that users, roles, and AWS services take on your Amazon S3 resources, and maintain log records for audits and compliance requests. To record actions taken on your Amazon S3 resources, you can use server access logging, AWS CloudTrail logging, or a combination of both.

Server access logging

Server access logging provides detailed records of the requests that are made to a bucket. You can deliver the server access logs of a bucket to another bucket owned by the same AWS account in the same AWS Region. Server access log records are delivered on a best-effort basis. Most log records are delivered within a few hours of the time when they are recorded, but they can be delivered more frequently. For more information about server access logging, see Logging requests with server access logging.

To activate server access logging, see Turning on Amazon S3 server access logging.

To analyze the server access logs with Amazon Athena, see How do I use Amazon Athena to analyze my Amazon S3 server access logs?
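For a quick look at delivered log files without Athena, the following added example (not part of the original article or AWS code) parses the leading fields of server access log records and groups requests by requester. The log lines, bucket name, account ID, and user are constructed sample data, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Leading fields of an S3 server access log record, in order. Records carry
# further fields after these; this parser ignores them.
FIELDS = ["bucket_owner", "bucket", "time", "remote_ip", "requester",
          "request_id", "operation", "key", "request_uri", "http_status"]

# A field is a [bracketed] timestamp, a "quoted" string, or a bare token.
TOKEN = re.compile(r'\[([^\]]*)\]|"((?:[^"\\]|\\.)*)"|(\S+)')

# Constructed sample records (not real log data).
SAMPLE = '''\
ownerid0example example-bucket [06/Feb/2019:00:00:38 +0000] 192.0.2.3 arn:aws:iam::111122223333:user/alice 3E57427F3EXAMPLE REST.GET.OBJECT reports/q1.csv "GET /reports/q1.csv HTTP/1.1" 200 - 2662 2662 41 40 "-" "aws-cli/2.0" -
ownerid0example example-bucket [06/Feb/2019:00:01:00 +0000] 198.51.100.7 - 7B4A0FABBEXAMPLE REST.GET.OBJECT public/logo.png "GET /public/logo.png HTTP/1.1" 403 AccessDenied 243 - 12 - "-" "curl/7.61" -
ownerid0example example-bucket [06/Feb/2019:00:02:10 +0000] 192.0.2.3 arn:aws:iam::111122223333:user/alice A1206F460EXAMPLE REST.PUT.OBJECT reports/q2.csv "PUT /reports/q2.csv HTTP/1.1" 200 - - 4406 70 20 "-" "aws-cli/2.0" -
'''

def parse_record(line):
    """Return the leading fields of one record as a dict, or None if too short."""
    values = [next(g for g in m.groups() if g is not None)
              for m in TOKEN.finditer(line)]
    if len(values) < len(FIELDS):
        return None
    return dict(zip(FIELDS, values))

def access_by_requester(lines):
    """Group requests per requester; a '-' requester is an unauthenticated request."""
    summary = defaultdict(list)
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            continue  # skip blank or truncated lines
        who = "anonymous" if rec["requester"] == "-" else rec["requester"]
        summary[who].append((rec["time"], rec["remote_ip"], rec["operation"],
                             rec["key"], rec["http_status"]))
    return dict(summary)

if __name__ == "__main__":
    for who, events in access_by_requester(SAMPLE.splitlines()).items():
        print(who)
        for event in events:
            print("   ", *event)
```
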

AWS CloudTrail logging

Use AWS CloudTrail logs to track API calls from users, roles, or AWS services to your Amazon S3 resources. You can also use Athena to query your CloudTrail logs. For more information on CloudTrail logging, see Logging Amazon S3 API calls using AWS CloudTrail.

To activate CloudTrail logging, see Turning on CloudTrail event logging for S3 buckets and objects.

Related information

Logging options for Amazon S3

Identifying Amazon S3 requests using CloudTrail

AWS OFFICIAL
Updated a day ago