Skip to content

put-bucket-logging.rst

Latest commit

 

History

History
36 lines (30 loc) · 1.29 KB

put-bucket-logging.rst

File metadata and controls

36 lines (30 loc) · 1.29 KB

The example below sets the logging policy for MyBucket. The AWS user [email protected] will have full control over the log files, and all users will have access to them. First, grant S3 permission with put-bucket-acl:

aws s3api put-bucket-acl --bucket MyBucket --grant-write URI=http://acs.amazonaws.com/groups/s3/LogDelivery --grant-read-acp URI=http://acs.amazonaws.com/groups/s3/LogDelivery

Then apply the logging policy:

aws s3api put-bucket-logging --bucket MyBucket --bucket-logging-status file://logging.json

logging.json is a JSON document in the current folder that contains the logging policy:

{
  "LoggingEnabled": {
    "TargetBucket": "MyBucket",
    "TargetPrefix": "MyBucketLogs/",
    "TargetGrants": [
      {
        "Grantee": {
          "Type": "AmazonCustomerByEmail",
          "EmailAddress": "[email protected]"
        },
        "Permission": "FULL_CONTROL"
      },
      {
        "Grantee": {
          "Type": "Group",
          "URI": "http://acs.amazonaws.com/groups/global/AllUsers"
        },
        "Permission": "READ"
      }
    ]
  }
}

Note

the put-bucket-acl command is required to grant S3's log delivery system the necessary permissions (write and read-acp permissions).