Unfortunately, there isn't an easy one-click option afaik. One way I can think of to achieve this is to enable server access logs for your S3 bucket; these would contain the source request information you require.
You would then need to process these logs. You could use Lambda to send the data to a log aggregation service like OpenSearch where you can perform the processing and take action - see this blog. Another option is to have a Step Function run on a schedule to use Athena to query the logs and take action (update your bucket policy to block). The main difference between these two options is how close to real time you need to process the logs and put the block in place.
Another approach is to front the bucket with CloudFront and dynamically update a WAF ACL with a deny list. You could send the CloudFront logs to S3 and use Athena to query. This has the added benefit of not having a public bucket.
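The log-processing step from the server access log answer above, as an added example that is not part of the original answers: it counts requests per remote IP in S3 server access log records and builds a bucket policy Deny statement for IPs at or above a threshold. The bucket name `example-bucket`, the threshold, the `Sid` and the sample log lines are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Leading fields of an S3 server access log record: bucket owner, bucket,
# [time], remote IP, requester, request ID, operation, key, "request-URI".
LINE_RE = re.compile(
    r'^\S+ (?P<bucket>\S+) \[[^\]]+\] (?P<ip>\S+) \S+ \S+ \S+ \S+ (?:"[^"]*"|-) '
)

# Constructed sample records (documentation IP ranges, placeholder IDs).
SAMPLE_LOG = """\
ownerid example-bucket [06/Feb/2024:00:00:01 +0000] 203.0.113.7 - REQ1 REST.GET.OBJECT a.jpg "GET /a.jpg HTTP/1.1" 200 - 512 512 9 8 "-" "curl/8.0" -
ownerid example-bucket [06/Feb/2024:00:00:02 +0000] 203.0.113.7 - REQ2 REST.GET.OBJECT b.jpg "GET /b.jpg HTTP/1.1" 200 - 512 512 9 8 "-" "curl/8.0" -
ownerid example-bucket [06/Feb/2024:00:00:03 +0000] 198.51.100.20 - REQ3 REST.GET.OBJECT a.jpg "GET /a.jpg HTTP/1.1" 200 - 512 512 9 8 "-" "Mozilla/5.0" -
ownerid example-bucket [06/Feb/2024:00:00:04 +0000] 203.0.113.7 - REQ4 REST.GET.OBJECT c.jpg "GET /c.jpg HTTP/1.1" 404 NoSuchKey 300 - 5 - "-" "curl/8.0" -
ownerid example-bucket [06/Feb/2024:00:00:05 +0000] 203.0.113.7 - REQ5 REST.GET.OBJECT d.jpg "GET /d.jpg HTTP/1.1" 200 - 512 512 9 8 "-" "curl/8.0" -
ownerid example-bucket [06/Feb/2024:00:00:09 +0000] - AmazonS3 REQ6 S3.EXPIRE.OBJECT old.log "-" - - - 100 - - "-" "-" -
not a log record
"""

def requests_per_ip(log_text, bucket):
    """Count records per remote IP; skip malformed lines and internal
    operations, whose remote IP field is '-'."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["bucket"] != bucket:
            continue
        try:
            ipaddress.ip_address(m["ip"])
        except ValueError:
            continue
        counts[m["ip"]] += 1
    return counts

def deny_statement(counts, bucket, threshold):
    """Build a Deny statement for IPs with >= threshold requests, or None."""
    offenders = sorted(ip for ip, n in counts.items() if n >= threshold)
    if not offenders:
        return None
    # ip_network() yields /32 for IPv4 and /128 for IPv6 single addresses.
    cidrs = [str(ipaddress.ip_network(ip)) for ip in offenders]
    return {"Sid": "DenyNoisySourceIps", "Effect": "Deny", "Principal": "*",
            "Action": "s3:*",
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
            "Condition": {"IpAddress": {"aws:SourceIp": cidrs}}}
```

The returned statement is meant to be merged into the bucket's existing policy by whatever scheduled job runs the analysis; the code itself makes no AWS calls.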