- 最新
- 投票最多
- 评论最多
Hi,
Some objects in some system bucket are created by diverse AWS services like CloudTrail which can automatically store some logs in buckets .
So, can you detail a bit the content of the S3 objects to see if they are generated by AWS services?
Best,
Didier
Hi,
Please let me know if my understanding is correct or not. I think lambda is pushing logs to S3 bucket. Can you confirm S3 is configured as destination or not ? Normally lambda pushes logs to CloudWatch Log Group, but here as you said it sends to S3 bucket, so most probably you can check execution permissions of lambda and I hope S3 bucket is configured in the permission. As you disabled eventbridge schedule, so no objects would be created in S3, but it won't allow you to delete because of execution role which gives permission to lamda function to create logs only.
You can turn on CloudTrail Data events for your S3 to have better idea of who has access to your buckets and what actions they are taking. This will help you debug where / how the S3 object are being added back. https://docs.aws.amazon.com/AmazonS3/latest/userguide/cloudtrail-logging.html
相关内容
AWS 官方已更新 2 年前
