What's the difference between the AWS S3 logs and the AWS CloudTrail? On the doc of CloudTrail I saw this:
CloudTrail adds another dimension to the monitoring capabilities already offered by AWS. It does not change or replace logging features you might already be using.
To add the required CloudTrail policy to an Amazon S3 bucketOpen the Amazon S3 console at https://console.aws.amazon.com/s3/ . Choose the bucket where you want CloudTrail to deliver your log files, and then choose Properties. Choose Permissions.
You can use AWS CloudTrail logs together with server access logs for Amazon S3. CloudTrail logs provide you with detailed API tracking for Amazon S3 bucket-level and object-level operations. Server access logs for Amazon S3 provide you visibility into object-level operations on your data in Amazon S3.
Sign in to the AWS Management Console and open the Amazon S3 console at https://console.aws.amazon.com/s3/ . In the Buckets list, choose the name of the bucket that you want to enable server access logging for. Choose Properties. In the Server access logging section, choose Edit.
Amazon CloudTrail will only show the results of the CloudTrail Event History for the current region you are viewing for the last 90 days and support the Amazon Web Services services found here. These events are limited to Management Events with create, modify, and delete API calls and account activity.
CloudTrail tracks API access for infrastructure-changing events, in S3 this means creating, deleting, and modifying bucket (S3 CloudTrail docs). It is very focused on API methods that modify buckets.
S3 Server Access Logging provides web server-style logging of access to the objects in an S3 bucket. This logging is granular to the object, includes read-only operations, and includes non-API access like static web site browsing.
AWS has added one more functionality since this question was asked, namely CloudTrail Data events
Currently there are 3 features available:
Now, 2 and 3 seem similar functionalities but they have some differences which may prompt users to use one or the other or both(in our case)! Below are the differences which I could find:
Information which is not available in Cloudtrail logs but is available in Server Access logs. Reference:
AWS Support recommends that decisions can be made using CloudTrail logs and if you need that additional information too which is not available in CloudTrail logs, you can then use Server access logs.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With