By using AWS re:Post, you agree to the Terms of Use
/S3 Server Access Logging - Another Account/

S3 Server Access Logging - Another Account


Hello comunity, Im trying to enable s3 server access log, to send logs to a bucket in another account. I Guess i had setup the bucket destination policy Right, but im getting this sort of error: "Unknown Error An unexpected error occurred.

API response The specified method is not allowed against this resource." Have anyone did this sucessfully?

1 Answers

Hi @Deivis-Campos-0022, Is the target bucket in the same region? I'm pretty new to S3 server access logging, but based on the S3 user guide found here, it needs to be in the same region.

By default, Amazon S3 doesn't collect server access logs. When you enable logging, Amazon S3 delivers access logs for a source bucket to a target bucket that you choose. The target bucket must be in the same AWS Region as the source bucket and must not have a default retention period configuration.

Let us know if that's the reason. I'm trying to learn as much as I can here, so hopefully this helps.

answered 3 months ago
  • Hi mnemosyne thanks for your interaction. Yes the buckets are in the same region but in diferrent accounts.

  • Have you configured permissions on the target bucket to allow the source account/bucket to write to it? If possible, please provide as much information as to the configuration you've performed so far. It will be helpful so we don't go over anything you've already done to try and make this work. Some additional follow-up, this may not actually be possible. I'm not sure if you have a support account but if you look at the table in this article, Amazon Simple Storage Service User Guide, Cross-account log delivery does not appear to be possible for S3 server logs. In the table, see the 4th row Cross-account log delivery (target and source bucked owned by different accounts), you'll notice it does not say Yes in the column for Amazon S3 server logs. You may want to consider using CloudTrail instead, so long as it provides the level of logging you require.

    I'll keep looking into this on my end to confirm.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions