Enable logging from Amazon services
While many services publish logs only to CloudWatch Logs, some Amazon services can publish logs directly to Amazon Simple Storage Service or Amazon Data Firehose. If your main requirement for logs is storage or processing in one of these services, you can easily have the service that produces the logs send them directly to Amazon S3 or Firehose without additional setup.
Even when logs are published directly to Amazon S3 or Firehose, charges apply. For more
information, see Vended Logs on the Logs tab at
Amazon CloudWatch Pricing
Some Amazon services use a common infrastructure to send their logs. To enable logging from these services, you must be logged in as a user that has certain permissions. Additionally, you must grant permissions to Amazon to enable the logs to be sent.
For services that require these permissions, there are two versions of the permissions needed. The services that require these extra permissions are noted as Supported [V1 Permissions] and Supported [V2 Permissions] in the table. For information about these required permissions, see the sections after the table.