S3 Server Access Logging

Via AWS Console

Enable server access logging for an S3 bucket

Via AWS Command Line Interface

1. Create a logging.json file with these contents, replacing <stack-internal-bucket> with your stack's internal bucket name, and <stack> with the name of your cumulus stack.

   {
     "LoggingEnabled": {
       "TargetBucket": "<stack-internal-bucket>",
       "TargetPrefix": "<stack>/ems-distribution/s3-server-access-logs/"
     }
   }

2. Add the logging policy to each of your protected and public buckets by calling this command on each bucket.

   aws s3api put-bucket-logging --bucket <protected/public-bucket-name> --bucket-logging-status file://logging.json

3. Verify the logging policy exists on your buckets.

   aws s3api get-bucket-logging --bucket <protected/public-bucket-name>