S3 Server Access Logging

Note: To support EMS Reporting, you need to enable Amazon S3 server access logging on all protected and public buckets.

Via AWS Console

Enable server access logging for an S3 bucket

Via AWS Command Line Interface

1. Create a logging.json file with these contents, replacing <stack-internal-bucket> with your stack's internal bucket name, and <stack> with the name of your cumulus stack.

   {
     "LoggingEnabled": {
       "TargetBucket": "<stack-internal-bucket>",
       "TargetPrefix": "<stack>/ems-distribution/s3-server-access-logs/"
     }
   }

2. Add the logging policy to each of your protected and public buckets by calling this command on each bucket.

   aws s3api put-bucket-logging --bucket <protected/public-bucket-name> --bucket-logging-status file://logging.json

3. Verify the logging policy exists on your buckets.

   aws s3api get-bucket-logging --bucket <protected/public-bucket-name>