AWS S3 Audit and Logging

Today, let’s dive into S3 Audit and Logging. I want to share with you what I use daily and what I’ve learned.

Did you know that S3 provides various features for auditing and logging?

It helps you monitor and track activities within your S3 buckets. S3 Audit and Logging are crucial for security, compliance, and troubleshooting purposes.

Let’s talk about it.

S3 Event Notifications:
Event notifications let you monitor events in your S3 buckets and automatically send notifications or trigger other AWS services in response to those events. You can set up event notifications for specific bucket events, such as object creation, deletion, or restoration.

Bucket Policy Logging:
This helps you monitor changes to bucket policies. S3 bucket policies can be configured to log all or some of the policy actions. It's easy to set up: you modify the bucket policy to include the logging configuration.

Server Access Logging (SAL):
You enable server access logging at the bucket level through the S3 management console, the AWS CLI, or the SDKs. SAL provides detailed records of the requests made to a bucket, including the requester, bucket name, request time, request action, response status, and more.
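As an added example (not code from the original post), here is a small Python parser for server access log lines that tokenises the bracketed timestamp and the quoted request URI and user agent correctly, then pulls out the first things a reviewer looks for: repeated AccessDenied responses per source address, anonymous requests, and delete operations attributed to a principal. The log lines, account IDs, request IDs and host IDs are constructed placeholders; the field order follows the documented S3 server access log layout.

```python
import re
from collections import Counter

# Constructed S3 server access log lines (IDs are placeholders, not real
# values). Field order follows the documented server access log layout:
# bucket owner, bucket, [time], remote IP, requester, request ID, operation,
# key, "request URI", HTTP status, error code, bytes sent, object size, ...
SAMPLE_LOG = """\
OWNERIDEXAMPLE example-bucket [06/Feb/2024:10:00:01 +0000] 192.0.2.10 arn:aws:iam::111122223333:user/alice 3E57427FEXAMPLE REST.GET.OBJECT reports/q1.csv "GET /reports/q1.csv HTTP/1.1" 200 - 2048 2048 12 11 "-" "aws-cli/2.15.0" - HOSTIDEXAMPLE SigV4 ECDHE-RSA-AES128-GCM-SHA256 AuthHeader example-bucket.s3.amazonaws.com TLSv1.2 - -
OWNERIDEXAMPLE example-bucket [06/Feb/2024:10:00:05 +0000] 198.51.100.7 - 7B4A0FABEXAMPLE REST.GET.OBJECT reports/q1.csv "GET /reports/q1.csv HTTP/1.1" 403 AccessDenied 243 - 9 - "-" "curl/8.4.0" - HOSTIDEXAMPLE - - - example-bucket.s3.amazonaws.com - - -
OWNERIDEXAMPLE example-bucket [06/Feb/2024:10:00:09 +0000] 198.51.100.7 - 9C1D2E3FEXAMPLE REST.GET.OBJECT secrets/backup.tar "GET /secrets/backup.tar HTTP/1.1" 403 AccessDenied 243 - 8 - "-" "curl/8.4.0" - HOSTIDEXAMPLE - - - example-bucket.s3.amazonaws.com - - -
OWNERIDEXAMPLE example-bucket [06/Feb/2024:10:01:00 +0000] 192.0.2.10 arn:aws:iam::111122223333:user/alice A1B2C3D4EXAMPLE REST.DELETE.OBJECT reports/q1.csv "DELETE /reports/q1.csv HTTP/1.1" 204 - - - 15 - "-" "aws-cli/2.15.0" - HOSTIDEXAMPLE SigV4 ECDHE-RSA-AES128-GCM-SHA256 AuthHeader example-bucket.s3.amazonaws.com TLSv1.2 - -
"""

FIELDS = (
    "bucket_owner", "bucket", "time", "remote_ip", "requester", "request_id",
    "operation", "key", "request_uri", "http_status", "error_code",
    "bytes_sent", "object_size", "total_time", "turnaround_time",
    "referrer", "user_agent", "version_id", "host_id", "sig_version",
    "cipher_suite", "auth_type", "host_header", "tls_version",
    "access_point_arn", "acl_required",
)

# One token is a [bracketed time], a "quoted string", or a bare word.
# A naive str.split() would break the timestamp and the request URI apart.
TOKEN = re.compile(r'\[[^\]]*\]|"[^"]*"|\S+')

def parse_line(line):
    """Parse one server access log line into a dict keyed by FIELDS."""
    tokens = [t.strip('[]"') for t in TOKEN.findall(line)]
    return dict(zip(FIELDS, tokens))

def audit(log_text):
    """Pull out the signals a reviewer checks first in SAL data."""
    records = [parse_line(ln) for ln in log_text.splitlines() if ln.strip()]
    return {
        # Repeated AccessDenied from one address: probing or a misconfigured client.
        "denied_by_ip": dict(Counter(r["remote_ip"] for r in records
                                     if r["error_code"] == "AccessDenied")),
        # A requester of "-" means the request was unauthenticated (anonymous).
        "anonymous_count": sum(1 for r in records if r["requester"] == "-"),
        # Destructive operations, attributed to the principal that issued them.
        "deletes": [(r["requester"], r["key"]) for r in records
                    if r["operation"].startswith("REST.DELETE")],
    }

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```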

AWS CloudTrail:
You can't talk about S3 Audit and Logging without mentioning AWS CloudTrail. It records the API calls made in your account and provides a comprehensive history of them. CloudTrail is a separate service, and you need to create a trail to capture S3-related events.

AWS CloudWatch:
I am currently writing a blog post about CloudWatch. Stay tuned.

AWS Config:
AWS Config lets you assess, audit, and evaluate the configurations of your AWS resources, including S3 buckets, and track changes and compliance over time. You can create and configure AWS Config rules for S3 buckets to ensure they adhere to specific criteria.

AWS Athena:
Athena is used for querying S3 logs. AWS Athena is an interactive query service that makes it easy to analyze data in S3 using standard SQL. You can create tables in Athena that reference your S3 server access logs and then run SQL queries against the log data.

Additionally, our team uses Splunk as a third-party monitoring and security tool for a more comprehensive approach to S3 audit and logging.

What do you use to review logs and audit trails for maintaining the security and compliance of your S3 storage?
