S3 Access Logs Overview
- Purpose: S3 Access Logs are used for auditing access to your S3 buckets. They help track requests made to your S3 buckets by any account, authorized or denied.
- Functionality: When enabled, every request to the S3 bucket is logged to a file in another S3 bucket.
- Analysis: The logged data can be analyzed using tools like Amazon Athena.
- Region Constraint: The target bucket for logging must be in the same AWS region as the source bucket.
Enabling Access Logs
- Make a request against your S3 buckets.
- Enable access logs so that all requests are logged into the designated logging bucket.
Log Format
- Access logs have a specific format.
- The log format can be found at the provided URL (URL not included in the transcript).
Important Warning
- Do Not: Set your logging bucket to be the same as the bucket being monitored.
- Reason: This creates a logging loop, causing the bucket to grow exponentially in size, which could result in high costs.
Conclusion
- Be cautious when configuring S3 access logs.
- Ensure the logging bucket is different from the bucket you are monitoring to avoid infinite loops and unexpected costs.
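Added example (not from the lecture): a small Python audit that checks a set of bucket logging settings for the two pitfalls above, the same-region constraint and the logging loop. It goes one step beyond the notes by also flagging loops that run through several buckets (A logs to B, B logs to A). The inventory, bucket names and regions are constructed sample data, and the function names are hypothetical.

```python
# Added example. INVENTORY is constructed sample data (made-up names/regions);
# "logging" mirrors a bucket's LoggingEnabled element, None = logging off.
INVENTORY = {
    "app-data": {"region": "eu-west-1", "logging": {"TargetBucket": "app-logs", "TargetPrefix": "app-data/"}},
    "app-logs": {"region": "eu-west-1", "logging": None},
    "selfie":   {"region": "us-east-1", "logging": {"TargetBucket": "selfie", "TargetPrefix": "logs/"}},
    "ping":     {"region": "us-east-1", "logging": {"TargetBucket": "pong", "TargetPrefix": ""}},
    "pong":     {"region": "us-east-1", "logging": {"TargetBucket": "ping", "TargetPrefix": ""}},
    "far-away": {"region": "ap-south-1", "logging": {"TargetBucket": "app-logs", "TargetPrefix": "far/"}},
}


def target_of(inventory, bucket):
    """Return the bucket that `bucket` delivers its access logs to, or None."""
    cfg = inventory.get(bucket, {}).get("logging")
    return cfg["TargetBucket"] if cfg else None


def in_logging_loop(inventory, bucket):
    """Follow source -> target links; True if they lead back to `bucket`."""
    seen, current = set(), target_of(inventory, bucket)
    while current is not None and current not in seen:
        if current == bucket:
            return True
        seen.add(current)
        current = target_of(inventory, current)
    return False


def audit(inventory):
    """Return {bucket: [finding, ...]} for every bucket with a problem."""
    findings = {}
    for name, meta in inventory.items():
        issues, target = [], target_of(inventory, name)
        if target is None:
            continue  # logging is off for this bucket, nothing to check
        if in_logging_loop(inventory, name):
            issues.append("logging-loop")
        if target not in inventory:
            issues.append("unknown-target")
        elif inventory[target]["region"] != meta["region"]:
            issues.append("region-mismatch")
        if issues:
            findings[name] = issues
    return findings


if __name__ == "__main__":
    print(audit(INVENTORY))
```

In practice the inventory would be filled from each bucket's logging configuration and region rather than typed by hand.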