S3 Server Access Logging
Via AWS Console
Enable server access logging for an S3 bucket
AWS Command Line Interface
ViaCreate a
logging.json
file with these contents, replacing<stack-internal-bucket>
with your stack's internal bucket name, and<stack>
with the name of your cumulus stack.{ "LoggingEnabled": { "TargetBucket": "<stack-internal-bucket>", "TargetPrefix": "<stack>/ems-distribution/s3-server-access-logs/" } }
Add the logging policy to each of your protected and public buckets by calling this command on each bucket.
aws s3api put-bucket-logging --bucket <protected/public-bucket-name> --bucket-logging-status file://logging.json
Verify the logging policy exists on your buckets.
aws s3api get-bucket-logging --bucket <protected/public-bucket-name>