Practicing Amazon S3 Access Logs

Amazon S3 Server Access Logging is a feature that records all requests made to an S3 bucket, providing visibility into who accessed your bucket, when, and what actions they performed. This is useful for security audits, troubleshooting, and compliance.


1. Setting Up S3 Access Logging

To enable S3 access logging, we need:

  1. A source bucket (the bucket whose requests will be logged).
  2. A logging bucket (where logs will be stored).

Step 1: Create a Logging Bucket

  1. Navigate to the S3 Console.
  2. Create a new bucket (e.g., stefan-access-log-v3).
  3. This bucket should be in the same region as the source bucket.
  4. Do not enable public access—this bucket should be private.
  5. Click Create Bucket.

Step 2: Enable Server Access Logging

  1. Select the source bucket (the one you want to monitor).
  2. Go to Properties → Scroll to Server Access Logging.
  3. Click Edit and enable logging.
  4. Set the destination bucket to the logging bucket (stefan-access-log-v3).
  5. Optionally, add a prefix (e.g., logs/) to organize log files.
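
The same two steps through the API, as an added example using boto3 (not part of the original walkthrough). The console grants the S3 log delivery service write access to the logging bucket for you; through the API that bucket policy has to be written explicitly, which the script does. The source bucket name, account ID and region are placeholders.

```python
import json

def log_delivery_policy(dest, prefix, source, account_id):
    """Destination-bucket policy that lets the S3 log delivery service write logs."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "S3ServerAccessLogsPolicy",
        "Effect": "Allow",
        "Principal": {"Service": "logging.s3.amazonaws.com"},
        "Action": "s3:PutObject",
        "Resource": f"arn:aws:s3:::{dest}/{prefix}*",
        # Only accept deliveries made on behalf of this source bucket and account.
        "Condition": {"ArnLike": {"aws:SourceArn": f"arn:aws:s3:::{source}"},
                      "StringEquals": {"aws:SourceAccount": account_id}},
    }]}

def enable_access_logging(s3, source, dest, prefix, account_id, region):
    """Steps 1 and 2 through the API; `s3` is a boto3 S3 client for `region`."""
    if source == dest:
        raise ValueError("log to a separate bucket, not the source bucket itself")
    # get_bucket_location reports None for us-east-1.
    src_region = s3.get_bucket_location(Bucket=source)["LocationConstraint"] or "us-east-1"
    if src_region != region:
        raise ValueError(f"source bucket is in {src_region}, logging bucket in {region}")
    # Step 1: private logging bucket in the same region (us-east-1 takes no constraint).
    extra = {} if region == "us-east-1" else {
        "CreateBucketConfiguration": {"LocationConstraint": region}}
    s3.create_bucket(Bucket=dest, **extra)
    s3.put_public_access_block(Bucket=dest, PublicAccessBlockConfiguration={
        "BlockPublicAcls": True, "IgnorePublicAcls": True,
        "BlockPublicPolicy": True, "RestrictPublicBuckets": True})
    s3.put_bucket_policy(Bucket=dest, Policy=json.dumps(
        log_delivery_policy(dest, prefix, source, account_id)))
    # Step 2: turn on server access logging on the source bucket.
    status = {"LoggingEnabled": {"TargetBucket": dest, "TargetPrefix": prefix}}
    s3.put_bucket_logging(Bucket=source, BucketLoggingStatus=status)
    return status

if __name__ == "__main__":
    import boto3  # requires AWS credentials; imported here so the module loads without it
    # Placeholders (not from the page): source bucket name, account ID, region.
    enable_access_logging(boto3.client("s3", region_name="us-east-1"),
                          source="example-source-bucket", dest="stefan-access-log-v3",
                          prefix="logs/", account_id="111122223333", region="us-east-1")
```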