@matbrady
Last active January 21, 2020 18:20
Enable S3 Logging

Enable S3 Logging with AWS CLI

This captures the details provided by the aws s3api put-bucket-logging help output, which are also documented here: https://docs.aws.amazon.com/cli/latest/reference/s3api/put-bucket-logging.html

Grant S3 permission

aws s3api put-bucket-acl --bucket "$BUCKET" --profile "$PROFILE" --grant-write URI=http://acs.amazonaws.com/groups/s3/LogDelivery --grant-read-acp URI=http://acs.amazonaws.com/groups/s3/LogDelivery

Apply the Logging Policy

Create a permission file

Create a logging.json file in the current directory:

{
  "LoggingEnabled": {
    "TargetBucket": "bucket-name",
    "TargetPrefix": "bucket-name-logs/",
    "TargetGrants": [
      {
        "Grantee": {
          "Type": "AmazonCustomerByEmail",
          "EmailAddress": "user@example.com"
        },
        "Permission": "FULL_CONTROL"
      },
      {
        "Grantee": {
          "Type": "Group",
          "URI": "http://acs.amazonaws.com/groups/global/AllUsers"
        },
        "Permission": "READ"
      }
    ]
  }
}

Apply the permissions

aws s3api put-bucket-logging --bucket "$BUCKET" --profile "$PROFILE" --bucket-logging-status file://logging.json
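
A pre-flight check for logging.json before running put-bucket-logging, added here as an example and not part of the original gist: it flags TargetGrants that open the delivered log objects to S3's public groups, as the AllUsers READ grant in the sample file does. The function name lint_logging_status and the source bucket name my-source-bucket are assumptions made for the illustration.

```python
import json

# S3 predefined groups that reach beyond the bucket owner's account.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone, unauthenticated",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account",
}

def lint_logging_status(doc, source_bucket):
    """Return findings for a put-bucket-logging --bucket-logging-status document."""
    enabled = doc.get("LoggingEnabled")
    if not enabled:
        # A status document without LoggingEnabled switches logging off.
        return ["LoggingEnabled absent: applying this disables access logging"]
    findings = []
    target = enabled.get("TargetBucket", "")
    prefix = enabled.get("TargetPrefix", "")
    if not target:
        findings.append("TargetBucket is missing")
    elif target == source_bucket:
        findings.append("TargetBucket is the source bucket: log deliveries get logged too")
    if prefix and not prefix.endswith("/"):
        findings.append(f"TargetPrefix {prefix!r} lacks a trailing '/'")
    for grant in enabled.get("TargetGrants", []):
        grantee = grant.get("Grantee", {})
        uri = grantee.get("URI", "")
        if grantee.get("Type") == "Group" and uri in PUBLIC_GROUPS:
            findings.append(
                f"{grant.get('Permission')} on delivered logs granted to "
                f"{PUBLIC_GROUPS[uri]} ({uri})"
            )
    return findings

# The logging.json shown on this page, reproduced as sample input.
PAGE_EXAMPLE = json.loads("""
{"LoggingEnabled": {
  "TargetBucket": "bucket-name",
  "TargetPrefix": "bucket-name-logs/",
  "TargetGrants": [
    {"Grantee": {"Type": "AmazonCustomerByEmail", "EmailAddress": "user@example.com"},
     "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"}]}}
""")

if __name__ == "__main__":
    # "my-source-bucket" is an assumed name for the bucket being logged.
    for finding in lint_logging_status(PAGE_EXAMPLE, source_bucket="my-source-bucket"):
        print("FINDING:", finding)
```

Dropping the AllUsers entry from TargetGrants clears the finding; the remaining grant to a named account is not flagged.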