Amazon S3 Access Logs¶
Ingest S3 bucket access logs using the Observe Lambda forwarder.
Enable S3 access logging¶
S3 bucket access logging is disabled by default. If needed, first enable logging for the desired bucket:
Navigate to S3 in the AWS Console
Select the bucket you’d like to get access logs for
Click on “Properties”
Under “Server access logging”, click “Edit”
Select “Enable” and provide the log destination bucket in “Target bucket”
Click “Save changes”
See the AWS access logging documentation for full details.
Forward logs using Lambda¶
If you are already using the Lambda forwarder, you do not need to install it again. If you are installig it for the first time, consider the AWS Integration to easily ingest additional AWS data.
For each log bucket (“Target bucket”), add a trigger so the forwarder can send access logs as they are generated.
Navigate to Lambda in the AWS Console
Select the Observe Lambda function (created by the forwarder or integration installation process)
Select “Add Trigger”, then search for “S3”
Configure the trigger with the following settings:
Bucket: the log bucket
Event type: the desired events to send, such as “All object create events”
Prefix or Suffix if desired (optional)
Click “Add” to save.
S3 access logs may take some time to be created in the target bucket. For details, see the AWS documentation about best-effort delivery.