Understanding the s3:PutBucketLogging action

0
  • A company uses multiple AWS accounts in a single AWS Region.
  • A solutions architect is designing a solution to consolidate logs generated by Elastic Load Balancers (ELBs) in the AppDev, AppTest and AppProd accounts.
  • The logs should be stored in an existing Amazon S3 bucket named s3-eib-logs in the central AWS account.
  • The central account is used for log consolidation only and does not have ELBs deployed.

Solution: Update the S3 bucket policy for the s3-elb-logs bucket to allow the s3:PutBucketLogging action for the central AWS account ID.

My Doubt: Here, s3:PutBucketLogging will only allow the central AWS account to enable or modify the bucket logging configuration for the "s3-eib-logs" bucket. How will s3:PutBucketLogging allow consolidated logs from the ELBs to be stored in the "s3-eib-logs" bucket?

1 Answer
0

Your bucket policy does need to allow access from your other accounts. The cleanest way to achieve this is to allow access from the Organization - see the 2nd example at https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html#example-bucket-policies-global-condition-keys.

EXPERT
answered 10 months ago
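
Added example, not part of the original question or answer: a small Python check that contrasts a policy granting only `s3:PutBucketLogging` with an object-write statement scoped by `aws:PrincipalOrgID`, the kind of Organization-wide access the answer points to. The organization ID, account ID and helper names are constructed placeholders, and the check is deliberately simplified (it ignores Deny statements and action wildcards such as `s3:Put*`).

```python
BUCKET = "s3-elb-logs"     # bucket name as written in the proposed solution
ORG_ID = "o-exampleorgid"  # placeholder organization ID (assumption)
CENTRAL = "111111111111"   # constructed account ID for the central account
WRITE_ACTIONS = {"s3:putobject", "s3:*", "*"}  # actions that can create objects

def allow(sid, principal, action, resource, condition=None):
    """Build a one-statement Allow policy (hypothetical helper for this example)."""
    st = {"Sid": sid, "Effect": "Allow", "Principal": principal,
          "Action": action, "Resource": resource}
    if condition:
        st["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [st]}

# The proposed solution: a bucket-configuration action for the central account.
PROPOSED = allow("Proposed", {"AWS": f"arn:aws:iam::{CENTRAL}:root"},
                 "s3:PutBucketLogging", f"arn:aws:s3:::{BUCKET}")
# Object write limited to principals inside the Organization.
ORG_SCOPED = allow("OrgWrite", {"AWS": "*"}, "s3:PutObject", f"arn:aws:s3:::{BUCKET}/*",
                   {"StringEquals": {"aws:PrincipalOrgID": ORG_ID}})
# Same statement with the condition left off, as a misconfiguration to catch.
OPEN = allow("OpenWrite", {"AWS": "*"}, "s3:PutObject", f"arn:aws:s3:::{BUCKET}/*")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit(policy):
    """Return (grants_object_write, findings) for a bucket policy dict."""
    can_write, findings = False, []
    for st in _as_list(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        actions = {a.lower() for a in _as_list(st["Action"])}
        on_objects = any(r == "*" or r.endswith("/*") for r in _as_list(st["Resource"]))
        if not (actions & WRITE_ACTIONS and on_objects):
            continue  # e.g. s3:PutBucketLogging only changes bucket configuration
        can_write = True
        principal = st.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        cond = st.get("Condition", {}).get("StringEquals", {})
        org_scoped = any(k.lower() == "aws:principalorgid" for k in cond)
        if "*" in _as_list(aws) and not org_scoped:
            findings.append(f"{st.get('Sid')}: object write open to any AWS principal")
    if not can_write:
        findings.append("no statement allows s3:PutObject; no log object can be written")
    return can_write, findings

if __name__ == "__main__":
    for name, policy in [("proposed", PROPOSED), ("org", ORG_SCOPED), ("open", OPEN)]:
        print(name, audit(policy))
```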
