Lab Steps

lock
Logging in to the Amazon Web Services Console
lock
Creating an Amazon S3 Bucket
lock
Setting Up Lifecycle Policies on the S3 Bucket
lock
Enabling Server Access Logging On the S3 Bucket
Need help? Contact our support team

Here you can find the instructions for this specific Lab Step.

If you are ready for a real environment experience please start the Lab. Keep in mind that you'll need to start from the first step.

Introduction

If you want to have a full understanding of what is happening inside your S3 bucket, you should consider enabling the Server Access Logging functionality. This way, all the operations performed inside your bucket will be logged in another logging bucket.

In this lab, you will create an S3 logging bucket and set up this one as the server access logging bucket for the S3 bucket you previously created.

 

Instructions

1. Move back to the S3 console and create a new S3 bucket whose name is logging-bucket-#### (#### stands for random numbers) in the Oregon region:

alt

 

2. Click on the name of the bucket you created in the previous lab step to move into its dashboard.

 

3. Move under the Properties tab, and scroll down until you reach the Server access logging section:

alt

This bucket's property is disabled by default.

 

4. Click on the Edit button.

 

5. Check the Enable checkbox, and click on Browse S3 to select the logging-bucket-### as the target bucket for the logs.

 

6. Check the correct bucket and then click on Choose path:

alt

 

7. Click on Save changes to enable the server access logging feature.

You will be redirected to the Properties tab and you can see the Server access logging feature is now enabled:

alt

As per the official AWS documentation, S3 uses a best-effort pattern to deliver the logs to the target bucket. That means you could wait a few minutes up to hours to view the created logs. For more information about the structure of how a log is structured, you can follow the official docs.

If you are interested in trying this feature in a long enough lab environment, you should do the Amazon Simple Storage Service (Amazon S3) Playground.

When enabling the server access logs property on a bucket, the target bucket ACL is automatically updated to let the LogDelivery account (a special AWS account) create the logs objects:

alt

 

Summary

In this lab, you created an S3 logging bucket and set up this one as the server access logging bucket for the S3 bucket you previously created.

Validation checks
1Checks
Enabled Server Access Logging

Check whether the server access logging feature has been enabled.

Amazon S3