Object-Level Logging
Start course

This course will look at some of the management and bucket property features that Amazon S3 has to offer, and how you can use them to maintain and control your data. There are a number of different features available and you may be familiar with some of them, and others perhaps not so much, so this course has been designed to give you a full overview of what is available to you. 

If you have any feedback, queries, or comments relating to this course, feel free to reach out to us at

Course Objectives

The main objective of this course is to introduce and explain the available properties that are configurable at the bucket level that Amazon S3 has to offer to help you manage and administer your data effectively. 

Intended Audience

This course has been designed for:

  • Storage and operations engineers responsible for maintaining and storing data within the enterprise
  • AWS Architects who are designing new solutions requiring data storage capabilities
  • Those who are looking to begin their certification journey with either the AWS Cloud Practitioner or one of the three Associate-level certifications


This is an intermediate level course to AWS storage services and, therefore, to get the most out of this course, you should have some basic knowledge of Amazon S3. For more information related to this service, please see our existing course entitled Introduction to Amazon S3.



Hello and welcome to this short lecture which will introduce you to the object level logging capabilities with your S3 buckets.

This feature is actually more closely related to the AWS CloudTrail service than S3 in a way, as it’s AWS CloudTrail that performs logging activities against Amazon S3 data events. These data events are specific API calls used in S3, such as GetObject, DeleteObject, and PutObject.

So what is CloudTrail? CloudTrail is a service that has a primary function to record and track all AWS API requests made. These API calls can be programmatic requests initiated from a user using an SDK, the AWS command-line interface, from within the AWS management console or even from a request made by another AWS service.

When an API request is initiated, AWS CloudTrail captures the request as an event and records this event within a log file which is then stored on S3. Each API call represents a new event within the log file. CloudTrail also records and associates other identifying metadata with all the events. For example, the identity of the caller, the timestamp of when the request was initiated and the source IP address.

We have a detailed course on AWS CloudTrail which an be found here which will provide a deep insight into the service and its full capabilities.

Capturing S3 data events can be configured in 2 ways: Firstly, if you want to capture data events for all or some of your S3 buckets, then you can configure this from within one of your Trails using the AWS CloudTrail console itself as shown here. Secondly, if it’s not already enabled via AWS CloudTrail for your bucket you can configure it at the bucket level using the Properties tab. Selecting the Object-level logging tile will present you with options to configure it.

As you can see, due to its integration with AWS CloudTrail you will be asked to select an existing trail from the same region to capture your S3 data events for this bucket. In this example, I have used my ‘Trail_Demo’ trail. You must also select which type of events you would like to capture, either just Read events or Write events, or both. Once you have made your selection, simply select Create and Object-level logging will be enabled and AWS CloudTrail will capture any S3 Data events associated with this bucket.

For more information on where your CloudTrail logs are stored and accessed, and how to interpret your CloudTrail logs, please see our existing course here.

About the Author
Learning Paths

Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.

To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.

Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.

He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.

In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.

Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.