Understanding S3 Access Logs

In this lesson, we explored S3 Access Logs, an important feature for auditing and monitoring access to S3 buckets. These logs record all requests made to an S3 bucket, including both authorized and denied access attempts.

1. What are S3 Access Logs?

S3 Access Logs provide detailed records of all requests made to an S3 bucket.

• Logs every access attempt, including who accessed the bucket, when, and from where.
• Used for auditing, security analysis, and troubleshooting.
• Logs are stored as objects in another S3 bucket.
• Can be analyzed using Amazon Athena, AWS Glue, or third-party tools.

2. How S3 Access Logging Works?

1️⃣ A request is made to an S3 bucket (read, write, or delete operation).

2️⃣ S3 generates a log entry containing details of the request.

3️⃣ The log entry is stored in a separate logging bucket.

4️⃣ The log data can be analyzed for insights.

Example Log Entry Format

An access log entry might look like this:

79a8EXAMPLEbucket 192.168.1.1 - [03/Mar/2025:12:00:00 +0000]
"GET /image.jpg HTTP/1.1" 200 - "-" "Mozilla/5.0"

This log shows:

• Bucket Name: 79a8EXAMPLEbucket