Monitoring S3 on Outposts with Amazon CloudTrail logs - Amazon Simple Storage Service
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Monitoring S3 on Outposts with Amazon CloudTrail logs

Amazon S3 on Outposts is integrated with Amazon CloudTrail, a service that provides a record of actions taken by a user, role, or an Amazon Web Service in S3 on Outposts. You can use Amazon CloudTrail to get information about S3 on Outposts bucket-level and object-level requests to audit and log your S3 on Outposts event activity. To enable CloudTrail data events for all your Outposts buckets or for a list of specific Outposts buckets, you must create a trail manually in CloudTrail. For more information about CloudTrail log file entries, see S3 on Outposts log file entries.

Note

Enable CloudTrail logging for objects in an S3 on Outposts bucket

You can use the Amazon S3 console to configure an Amazon CloudTrail trail to log data events for objects in an Amazon S3 on Outposts bucket. CloudTrail supports logging S3 on Outposts object-level API operations such as GetObject, DeleteObject, and PutObject. These events are called data events.

By default, CloudTrail trails don't log data events. However, you can configure trails to log data events for S3 on Outposts buckets that you specify, or to log data events for all the S3 on Outposts buckets in your Amazon Web Services account. For more information, see Logging Amazon S3 API calls using Amazon CloudTrail.

CloudTrail does not populate data events in the CloudTrail event history. Additionally, not all S3 on Outposts bucket–level API operations are populated in the CloudTrail event history. For more information about how to query CloudTrail logs, see Using Amazon CloudWatch Logs filter patterns and Amazon Athena to query CloudTrail logs on the Amazon Knowledge Center.

To configure a trail to log data events for an S3 on Outposts bucket, you can use either the Amazon CloudTrail console or the Amazon S3 console. If you are configuring a trail to log data events for all the S3 on Outposts buckets in your Amazon Web Services account, it's easier to use the CloudTrail console. For information about using the CloudTrail console to configure a trail to log S3 on Outposts data events, see Data events in the Amazon CloudTrail User Guide.

Important

Additional charges apply for data events. For more information, see Amazon CloudTrail pricing.

The following procedure shows how to use the Amazon S3 console to configure a CloudTrail trail to log data events for an S3 on Outposts bucket.

Note

The Amazon Web Services account that creates the bucket owns it and is the only one that can configure S3 on Outposts data events to be sent to Amazon CloudTrail.

To enable CloudTrail data events logging for objects in an S3 on Outposts bucket
  1. Sign in to the Amazon Web Services Management Console and open the Amazon S3 console at https://console.amazonaws.cn/s3/.

  2. In the left navigation pane, choose Outposts buckets.

  3. Choose the name of the Outposts bucket whose data events you want to log by using CloudTrail.

  4. Choose Properties.

  5. In the Amazon CloudTrail data events section, choose Configure in CloudTrail.

    The Amazon CloudTrail console opens.

    You can create a new CloudTrail trail or reuse an existing trail and configure S3 on Outposts data events to be logged in your trail.

  6. On the CloudTrail console Dashboard page, choose Create trail.

  7. On the Step 1 Choose trail attributes page, provide a name for the trail, choose an S3 bucket to store trail logs, specify any other settings that you want, and then choose Next.

  8. On the Step 2 Choose log events page, under Event type, choose Data events.

    For Data event type, choose S3 Outposts. Choose Next.

    Note
    • When you create a trail and configure data event logging for S3 on Outposts, you must specify the data event type correctly.

      • If you use the CloudTrail console, choose S3 Outposts for Data event type. For information about how to create trails in the CloudTrail console, see Creating and updating a trail with the console in the Amazon CloudTrail User Guide. For information about how to configure S3 on Outposts data event logging in the CloudTrail console, see Logging data events for Amazon S3 Objects in the Amazon CloudTrail User Guide.

      • If you use the Amazon Command Line Interface (Amazon CLI) or the Amazon SDKs, set the resources.type field to AWS::S3Outposts::Object. For more information about how to log S3 on Outposts data events with the Amazon CLI, see Log S3 on Outposts events in the Amazon CloudTrail User Guide.

    • If you use the CloudTrail console or the Amazon S3 console to configure a trail to log data events for an S3 on Outposts bucket, the Amazon S3 console shows that object-level logging is enabled for the bucket.

  9. On the Step 3 Review and create page, review the trail attributes and the log events that you configured. Then, choose Create trail.

To disable CloudTrail data events logging for objects in an S3 on Outposts bucket
  1. Sign in to the Amazon Web Services Management Console and open the CloudTrail console at https://console.amazonaws.cn/cloudtrail/.

  2. In the left navigation pane, choose Trails.

  3. Choose the name of the trail that you created to log events for your S3 on Outposts bucket.

  4. On the details page for your trail, choose Stop logging in the upper-right corner.

  5. In the dialog box that appears, choose Stop logging.