AWS S3 stores data in scalable containers called buckets. You can store objects of any size, from small text files to large database dumps. S3 buckets can be created and managed through the AWS console, which also lets you monitor their storage usage. In addition, AWS provides server access logging for S3 buckets to keep a record of every request made to those buckets.
What is Server Access Logging?
By default, Amazon Simple Storage Service (Amazon S3) does not collect server access logs. If you enable server access logging, Amazon S3 delivers access logs for a source bucket to a target bucket that you select. The target bucket must be located in the same AWS Region as the source bucket.
Why should it be put into practice?
Server access logging provides detailed insight into every API call made to your source S3 bucket. These server access logs can be used for security, operational and access audits. They also give a complete picture of the request activity behind your AWS S3 bill.
An access log record contains details of requests that are made to your source bucket. This information can include the type of request, the resources that are specified in the request, and the time and date that the request was processed.
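The record described above is a space-delimited line in which the time is bracketed and several fields are double-quoted. The parser below is an added example, not code from Centilytics or AWS; the sample records it reads are constructed (owner IDs, request IDs and host IDs are dummies), and the field order follows the S3 server access log format as documented by AWS, with the tail fields (host ID onward) treated as optional because older records may omit them.

```python
import re
from datetime import datetime

# Field order of an S3 server access log record. Fields from host_id onward
# were appended by AWS over time and may be absent on older records, which is
# why the parser zips names and tokens instead of asserting a fixed count.
FIELDS = [
    "bucket_owner", "bucket", "time", "remote_ip", "requester", "request_id",
    "operation", "key", "request_uri", "http_status", "error_code",
    "bytes_sent", "object_size", "total_time", "turn_around_time",
    "referrer", "user_agent", "version_id", "host_id", "signature_version",
    "cipher_suite", "auth_type", "host_header", "tls_version",
]

# One token is a bracketed time, a double-quoted string, or a run of non-spaces.
_TOKEN = re.compile(r'\[[^\]]*\]|"[^"]*"|\S+')


def parse_record(line: str) -> dict:
    """Split one access log line into a dict keyed by FIELDS.

    AWS writes '-' for "not applicable"; it is mapped to None. Brackets and
    quotes are stripped and the time becomes a timezone-aware datetime.
    """
    rec = {}
    for name, tok in zip(FIELDS, _TOKEN.findall(line.strip())):
        if (tok[0], tok[-1]) in (("[", "]"), ('"', '"')):
            tok = tok[1:-1]
        rec[name] = None if tok == "-" else tok
    if rec.get("time"):
        rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def summarise(lines):
    """Count requests per (operation, status) and list every denied request.

    Returns (counts, denied); denied holds (requester, operation, key) for
    each 403 so an access audit can start from the anomalies.
    """
    counts, denied = {}, []
    for line in lines:
        rec = parse_record(line)
        pair = (rec["operation"], rec["http_status"])
        counts[pair] = counts.get(pair, 0) + 1
        if rec["http_status"] == "403":
            denied.append((rec["requester"], rec["operation"], rec["key"]))
    return counts, denied


# Constructed sample records: an authenticated read by the bucket owner, an
# upload by an IAM user in another account, and an anonymous read that S3 denied.
SAMPLE_LOG = [
    'CANONICALIDOWNER0001 example-source-bucket [10/Mar/2024:12:00:01 +0000] 192.0.2.10 '
    'CANONICALIDOWNER0001 REQID0001 REST.GET.OBJECT reports/q1.csv '
    '"GET /reports/q1.csv HTTP/1.1" 200 - 5120 5120 12 10 "-" "aws-cli/2.15.0" - '
    'HOSTIDEXAMPLE= SigV4 ECDHE-RSA-AES128-GCM-SHA256 AuthHeader '
    'example-source-bucket.s3.us-east-1.amazonaws.com TLSv1.2',
    'CANONICALIDOWNER0001 example-source-bucket [10/Mar/2024:12:00:05 +0000] 198.51.100.7 '
    'arn:aws:iam::111122223333:user/uploader REQID0002 REST.PUT.OBJECT uploads/new.bin '
    '"PUT /uploads/new.bin HTTP/1.1" 200 - - 2048 45 30 "-" "boto3/1.34.0" - '
    'HOSTIDEXAMPLE= SigV4 ECDHE-RSA-AES128-GCM-SHA256 AuthHeader '
    'example-source-bucket.s3.us-east-1.amazonaws.com TLSv1.2',
    'CANONICALIDOWNER0001 example-source-bucket [10/Mar/2024:12:00:09 +0000] 203.0.113.55 '
    '- REQID0003 REST.GET.OBJECT secret/keys.txt '
    '"GET /secret/keys.txt HTTP/1.1" 403 AccessDenied 243 - 4 - "-" "curl/8.4.0" - '
    'HOSTIDEXAMPLE= - ECDHE-RSA-AES128-GCM-SHA256 - '
    'example-source-bucket.s3.us-east-1.amazonaws.com TLSv1.2',
]

if __name__ == "__main__":
    counts, denied = summarise(SAMPLE_LOG)
    for (op, status), n in sorted(counts.items()):
        print(f"{op:20s} {status} {n}")
    print("denied:", denied)
```

Because the log delivery is best-effort and records arrive with a delay, a batch like this is typically run over the whole day's files in the target prefix rather than on a single file as it lands.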
Ensure that AWS S3 server access logging is enabled in your AWS console so that access requests are recorded and the security of your account can be audited. Centilytics provides a dedicated insight which checks whether the logging feature is enabled for each S3 bucket.
There are two possible scenarios:

| Severity | Description |
|---|---|
| CRITICAL | This indication is displayed when the target bucket does not exist, when the target and source buckets have different owners, or when the log delivery group does not have write permission on the target bucket. |
| WARNING | This indication is displayed when server access logging is not enabled, or when the target bucket does not include the root account. |
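The two scenarios above can be reproduced as a small classifier. The code below is an added example and not Centilytics' own implementation; the bucket facts are constructed inline, and the `logging` field mirrors the `LoggingEnabled` dictionary returned by boto3's `get_bucket_logging` (the target's existence and owner would in practice come from `head_bucket` and `get_bucket_acl` on the target bucket, which are not called here so the example runs offline). The second WARNING condition, a target bucket that does not include the root account, is not modelled because the page does not define how it is evaluated.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Severity labels as used by the insight.
CRITICAL, WARNING, OK = "CRITICAL", "WARNING", "OK"


@dataclass
class BucketFacts:
    """Facts gathered for one source bucket (constructed for this example)."""
    name: str
    owner_id: str                      # canonical ID of the source bucket owner
    logging: Optional[dict]            # get_bucket_logging()["LoggingEnabled"] or None
    target_exists: bool = True         # would come from head_bucket on the target
    target_owner_id: Optional[str] = None   # would come from get_bucket_acl on the target
    log_delivery_can_write: bool = True     # log delivery group has WRITE on the target


def assess(bucket: BucketFacts) -> Tuple[str, str]:
    """Return (severity, reason) for one bucket following the two scenarios."""
    if bucket.logging is None:
        return WARNING, "server access logging is not enabled"
    target = bucket.logging.get("TargetBucket")
    if not bucket.target_exists:
        return CRITICAL, f"target bucket {target!r} does not exist"
    if bucket.target_owner_id != bucket.owner_id:
        return CRITICAL, f"target bucket {target!r} has a different owner"
    if not bucket.log_delivery_can_write:
        return CRITICAL, f"log delivery group cannot write to {target!r}"
    prefix = bucket.logging.get("TargetPrefix", "")
    return OK, f"logs delivered to {target!r} under prefix {prefix!r}"


def report(buckets) -> dict:
    """Map bucket name to its (severity, reason)."""
    return {b.name: assess(b) for b in buckets}


# Constructed inventory covering the OK case and each failure scenario.
SAMPLE_BUCKETS = [
    BucketFacts("app-data", "OWNER-A",
                {"TargetBucket": "central-logs", "TargetPrefix": "app-data/"},
                target_owner_id="OWNER-A"),
    BucketFacts("backups", "OWNER-A", None),
    BucketFacts("exports", "OWNER-A", {"TargetBucket": "missing-bucket"},
                target_exists=False),
    BucketFacts("media", "OWNER-A", {"TargetBucket": "partner-logs"},
                target_owner_id="OWNER-B"),
    BucketFacts("archive", "OWNER-A", {"TargetBucket": "central-logs"},
                target_owner_id="OWNER-A", log_delivery_can_write=False),
]

if __name__ == "__main__":
    for name, (severity, reason) in report(SAMPLE_BUCKETS).items():
        print(f"{severity:8s} {name:10s} {reason}")
```

The order of the checks matters: a missing target bucket is reported before its ownership or permissions, because the latter cannot be evaluated for a bucket that does not exist.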
Descriptions of the further columns are as follows:
- Account Id: This column shows the respective account ID of the user’s account.
- Account Name: This column shows the account name corresponding to the user’s account.
- Region: This column shows the region in which the resource exists.
- Custom Severity Description: This column shows the custom description associated with the bucket.
- Identifier: This column shows the corresponding bucket name.
| Filter | Description |
|---|---|
| Account Id | Applying the account ID filter displays data for the selected account ID. |
| Region | Applying the region filter displays data corresponding to the selected region. |
| Severity | Applying the severity filter displays data according to the selected severity type. Selecting 'Critical' displays all the resources with Critical severity; the same applies to the Warning and Ok severity types. |
| Resource Tags | Applying the resource tags filter displays data that carries the selected resource tag. For example, if the user has tagged a resource with a tag named environment, selecting environment from the resource tags filter displays all the matching data. |
| Resource Tags Value | Applying the resource tags value filter displays data that carries the selected resource tag value. For example, say a user has tagged some resources with a tag named environment and a value of production (environment:production). The user can then view data for all the resources that have the "environment:production" tag assigned. The tag value filter can only be used once a tag name has been provided. |
| Compliance Name | Reference No. | Link |
|---|---|---|
Read more about Server Access Logging for your S3 Buckets.