S3 Server Access Logging · Cumulus Documentation

Via AWS Console

Enable server access logging for an S3 bucket

Via AWS Command Line Interface

Create a logging.json file with these contents, replacing <stack-internal-bucket> with your stack's internal bucket name, and <stack> with the name of your cumulus stack.

{
  "LoggingEnabled": {
    "TargetBucket": "<stack-internal-bucket>",
    "TargetPrefix": "<stack>/ems-distribution/s3-server-access-logs/"
  }
}

Add the logging policy to each of your protected and public buckets by calling this command on each bucket.

aws s3api put-bucket-logging --bucket <protected/public-bucket-name> --bucket-logging-status file://logging.json

Verify the logging policy exists on your buckets.

aws s3api get-bucket-logging --bucket <protected/public-bucket-name>