S3 access logging
I enabled the Server access logging in my bucket and specified a destination bucket for logs,
the destination bucket is encrypted with SSE-KMS (using my own KMS KEY),
but noticed that the logs don't come to this destination log bucket
is there a missing step to do so I can see logs on the destination bucket?
Permissions need to be configured for log delivery. This might help: https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html
yea I already did that, still not working, seems KMs not supported??
Yes, the document says:
You can use default bucket encryption on the target bucket only if you use AES256 (SSE-S3). Default encryption with AWS KMS keys (SSE-KMS) is not supported.
Storing Application Load Balancer access logs in a KMS-encrypted S3 bucketasked 3 years ago
New s3 bucket, filling with files before anything was connectedAccepted Answerasked 5 months ago
Cross Account Copy S3 Objects From Account B to AWS KMS-encrypted bucket in Account Aasked 5 months ago
Use KMS grant to access to encrypted KMS - CMK S3 bucketasked 3 months ago
Scaling cross-account AWS KMS-encrypted S3 access using ABACAccepted Answerasked 4 months ago
Grant Access to Control Tower created Cloudtrail S3 Bucketasked 6 months ago
S3 access loggingasked 22 days ago
Server Access Logging Bucketasked 7 months ago
Avoid recursive S3 server access logging + TrustedAdvisor warningasked 3 months ago
S3 Server Access Logging - Another Accountasked 3 months ago