This section of the AWS Certified Solutions Architect - Professional learning path introduces you to the core storage concepts and services relevant to the SAP-C02 exam. We start with an introduction to AWS storage services, understand the options available, and learn how to select and apply AWS storage services to meet specific requirements.
- Obtain an in-depth understanding of Amazon S3 - Simple Storage Service
- Learn how to improve your security posture in S3
- Get both a theoretical and practical understanding of EFS
- Learn how to create an EFS file system, manage EFS security, and import data in EFS
- Learn about EC2 storage and Elastic Block Store
- Learn about the different performance factors associated with AWS storage services
Hello and welcome to this short lecture which will introduce you to the object level logging capabilities with your S3 buckets.
This feature is actually more closely related to the AWS CloudTrail service than S3 in a way, as it’s AWS CloudTrail that performs logging activities against Amazon S3 data events. These data events are specific API calls used in S3, such as
So what is CloudTrail? CloudTrail is a service that has a primary function to record and track all AWS API requests made. These API calls can be programmatic requests initiated from a user using an SDK, the AWS command-line interface, from within the AWS management console or even from a request made by another AWS service.
When an API request is initiated, AWS CloudTrail captures the request as an event and records this event within a log file which is then stored on S3. Each API call represents a new event within the log file. CloudTrail also records and associates other identifying metadata with all the events. For example, the identity of the caller, the timestamp of when the request was initiated and the source IP address.
We have a detailed course on AWS CloudTrail which can be found here which will provide a deep insight into the service and its full capabilities.
Capturing S3 data events can be configured in 2 ways: Firstly, if you want to capture data events for all or some of your S3 buckets, then you can configure this from within one of your Trails using the AWS CloudTrail console itself as shown here. Secondly, if it’s not already enabled via AWS CloudTrail for your bucket, you can configure it at the bucket level using the Properties tab. Selecting the Object-level logging tile will present you with options to configure it.
As you can see, due to its integration with AWS CloudTrail you will be asked to select an existing trail from the same region to capture your S3 data events for this bucket. In this example, I have used my ‘Trail_Demo’ trail. You must also select which type of events you would like to capture, either just Read events or Write events, or both. Once you have made your selection, simply select Create and Object-level logging will be enabled and AWS CloudTrail will capture any S3 Data events associated with this bucket.
For more information on where your CloudTrail logs are stored and accessed, and how to interpret your CloudTrail logs, please see our existing course here.
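The following Python example is added here and is not part of the course material. It reads the decompressed JSON body of a CloudTrail log file, keeps only the S3 data events, and reports the caller identity, timestamp and source IP address mentioned in the lecture, split into Read and Write events. The records, bucket name, account ID and IP addresses are constructed sample values.

```python
import json
from collections import defaultdict

def _record(name, category, read_only, ip, user, time, key=None):
    """Build one constructed CloudTrail-style record (sample data only)."""
    return {"eventTime": time, "eventSource": "s3.amazonaws.com",
            "eventName": name, "eventCategory": category, "readOnly": read_only,
            "sourceIPAddress": ip,
            "userIdentity": {"arn": f"arn:aws:iam::111122223333:user/{user}"},
            "requestParameters": {"bucketName": "example-bucket", "key": key}}

# Constructed log file body: three data events and one management event.
SAMPLE_LOG = json.dumps({"Records": [
    _record("GetObject", "Data", True, "198.51.100.7", "alice", "2024-01-01T10:00:00Z", "reports/q1.csv"),
    _record("PutObject", "Data", False, "203.0.113.9", "bob", "2024-01-01T10:05:00Z", "reports/q2.csv"),
    _record("DeleteObject", "Data", False, "203.0.113.9", "bob", "2024-01-01T10:06:00Z", "reports/q1.csv"),
    _record("CreateBucket", "Management", False, "198.51.100.7", "alice", "2024-01-01T09:00:00Z"),
]})

def s3_data_events(log_text):
    """Yield a flat dict for each S3 data event in a CloudTrail log body."""
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != "s3.amazonaws.com":
            continue
        if rec.get("eventCategory", "Data") != "Data":
            continue  # management events (e.g. CreateBucket) are not data events
        params = rec.get("requestParameters") or {}  # may be null on failed calls
        yield {
            "time": rec.get("eventTime"),
            "caller": (rec.get("userIdentity") or {}).get("arn"),
            "source_ip": rec.get("sourceIPAddress"),
            "event": rec.get("eventName"),
            "type": "Read" if rec.get("readOnly") else "Write",
            "bucket": params.get("bucketName"),
            "key": params.get("key"),
        }

def summarize(log_text):
    """Count Read and Write data events per bucket."""
    counts = defaultdict(lambda: {"Read": 0, "Write": 0})
    for ev in s3_data_events(log_text):
        counts[ev["bucket"]][ev["type"]] += 1
    return dict(counts)

if __name__ == "__main__":
    for ev in s3_data_events(SAMPLE_LOG):
        print(ev["time"], ev["type"], ev["event"], ev["caller"], ev["source_ip"], ev["key"])
    print(summarize(SAMPLE_LOG))
```

CloudTrail delivers log files to S3 gzip-compressed, so decompress the object before passing its contents to `s3_data_events`.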
Danny has over 20 years of IT experience as a software developer, cloud engineer, and technical trainer. After attending a conference on cloud computing in 2009, he knew he wanted to build his career around what was still a very new, emerging technology at the time — and share this transformational knowledge with others. He has spoken to IT professional audiences at local, regional, and national user groups and conferences. He has delivered in-person classroom and virtual training, interactive webinars, and authored video training courses covering many different technologies, including Amazon Web Services. He currently has six active AWS certifications, including certifications at the Professional and Specialty level.