1
00:00:00,210 --> 00:00:02,460
So now, let's talk about S3 Access Logs.

2
00:00:02,460 --> 00:00:03,570
So for audit purposes,

3
00:00:03,570 --> 00:00:05,700
you may want to log all the access made

4
00:00:05,700 --> 00:00:07,020
into your S3 buckets.

5
00:00:07,020 --> 00:00:08,880
So that means that any request made

6
00:00:08,880 --> 00:00:10,830
to your S3 bucket from any account,

7
00:00:10,830 --> 00:00:13,140
whether or not it's authorized or denied,

8
00:00:13,140 --> 00:00:16,920
is going to be logged as a file into another S3 bucket.

9
00:00:16,920 --> 00:00:20,370
And that data then can be analyzed using data analysis tool

10
00:00:20,370 --> 00:00:22,440
such as Amazon Athena.

11
00:00:22,440 --> 00:00:25,020
Now, the target logging buckets must also be

12
00:00:25,020 --> 00:00:26,550
in the same AWS region.

13
00:00:26,550 --> 00:00:27,510
So how does that work?

14
00:00:27,510 --> 00:00:30,270
Well, you're going to request against your S3 buckets,

15
00:00:30,270 --> 00:00:33,840
and then you're going to enable the access logs.

16
00:00:33,840 --> 00:00:36,000
So that's all the requests are being logged

17
00:00:36,000 --> 00:00:38,070
into the logging buckets.

18
00:00:38,070 --> 00:00:40,590
Now, there's a specific format to these logs,

19
00:00:40,590 --> 00:00:42,750
and you can find it at this URL

20
00:00:42,750 --> 00:00:44,220
to find the log formats.

21
00:00:44,220 --> 00:00:46,680
Now, with access logs, there is a little bit of warning.

22
00:00:46,680 --> 00:00:49,410
Never ever set your logging bucket to be the same

23
00:00:49,410 --> 00:00:51,300
as the bucket you are monitoring,

24
00:00:51,300 --> 00:00:53,460
because otherwise, it will create a logging loop

25
00:00:53,460 --> 00:00:54,690
and it will be infinite

26
00:00:54,690 --> 00:00:57,300
and your bucket will grow in size exponentially.

27
00:00:57,300 --> 00:00:58,230
So what does that mean?

28
00:00:58,230 --> 00:00:59,430
While you do put object,

29
00:00:59,430 --> 00:01:02,400
but the app bucket and the logging bucket is the same.

30
00:01:02,400 --> 00:01:04,290
So there will be a logging loop

31
00:01:04,290 --> 00:01:06,690
and you will log that again and log that again

32
00:01:06,690 --> 00:01:09,330
and log that again and you will pay a lot of money.

33
00:01:09,330 --> 00:01:11,220
So do not try this at home.

34
00:01:11,220 --> 00:01:13,470
Okay, that's it for S3 access logs.

35
00:01:13,470 --> 00:01:14,430
I hope you liked it,

36
00:01:14,430 --> 00:01:16,380
and I will see you in the next lecture.