1 Answer
Please note that S3 server access logging only accepts a target bucket that belongs to the same AWS account. Therefore, you cannot send the server access logs directly to another account. Quote from the documentation:
By default, Amazon S3 doesn't collect server access logs. When you enable logging, Amazon S3 delivers access logs for a source bucket to a target bucket that you choose. The target bucket must be in the same AWS Region and AWS account as the source bucket, and must not have a default retention period configuration.
However, you could use cross account S3 Replication to replicate the log files from a bucket in the source account to a bucket in the destination account:
- You need to create server access logs on your source bucket that deliver logs to a bucket that belongs to your account, with versioning enabled, and then you can configure cross-account replication between the target bucket in your account and the bucket that belongs to a different account.
- Then, to avoid duplication of logs and extra cost for storage, you can create a Lifecycle rule that would expire your server access logs after a certain number of days once you have confirmed that they will have been replicated successfully to the bucket that belongs to a different AWS account. You can have a look at the following link on how to create S3 Lifecycle Rules.
- Finally, note that objects that existed before you set up replication aren't replicated automatically. In other words, Amazon S3 doesn't replicate objects retroactively. You can use Batch Replication to replicate objects that were added to the bucket before Cross-Account Replication was configured.
Hope this helps.
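The three steps in the answer above, sketched in Python as an added example that is not part of the original answer: the dictionaries follow the shapes that boto3's `put_bucket_replication` and `put_bucket_lifecycle_configuration` accept, and the report groups log objects by the `ReplicationStatus` that `head_object` returns, so expiry is only switched on once every log has a replica. Bucket names, account ID, role ARN, rule IDs, the function names and the sample listing are constructed placeholders.

```python
# Constructed placeholders throughout: bucket names, account ID, role ARN, keys.

def replication_config(role_arn, dest_bucket, dest_account, prefix=""):
    """Body for s3.put_bucket_replication(ReplicationConfiguration=...)."""
    return {"Role": role_arn, "Rules": [{
        "ID": "access-logs-cross-account",
        "Priority": 1,
        "Status": "Enabled",
        "Filter": {"Prefix": prefix},
        "DeleteMarkerReplication": {"Status": "Disabled"},
        "Destination": {
            "Bucket": f"arn:aws:s3:::{dest_bucket}",
            "Account": dest_account,
            # Replicas become owned by the destination account.
            "AccessControlTranslation": {"Owner": "Destination"},
        },
    }]}

def lifecycle_config(expire_days, prefix=""):
    """Body for s3.put_bucket_lifecycle_configuration(LifecycleConfiguration=...)."""
    return {"Rules": [{
        "ID": "expire-replicated-access-logs",
        "Status": "Enabled",
        "Filter": {"Prefix": prefix},
        "Expiration": {"Days": expire_days},
        # Versioned bucket: expiring only the current version leaves the
        # noncurrent copies (and their storage cost) behind.
        "NoncurrentVersionExpiration": {"NoncurrentDays": 1},
    }]}

def replication_report(objects):
    """Group keys by the ReplicationStatus field that s3.head_object returns."""
    groups = {"COMPLETED": "replicated", "PENDING": "pending", "FAILED": "failed"}
    report = {"replicated": [], "pending": [], "failed": [], "not_covered": []}
    for obj in objects:
        # No status: not picked up by a rule, e.g. the object predates it
        # (the Batch Replication case).
        report[groups.get(obj.get("ReplicationStatus"), "not_covered")].append(obj["Key"])
    return report

def safe_to_enable_expiry(report):
    """True only when every log object has a completed replica."""
    return not (report["pending"] or report["failed"] or report["not_covered"])

SAMPLE = [  # constructed listing: Key plus the head_object status
    {"Key": "logs/2024-05-01-00-10-11-A1", "ReplicationStatus": None},
    {"Key": "logs/2024-05-03-08-00-42-B2", "ReplicationStatus": "COMPLETED"},
    {"Key": "logs/2024-05-03-09-00-07-C3", "ReplicationStatus": "PENDING"},
]
```

Versioning has to be enabled on the destination bucket as well as on the log bucket before S3 accepts the replication configuration.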