
How Do I Create an AWS S3 Bucket With Logging Enabled?

Introduction

Creating an AWS S3 bucket with logging enabled is an essential task for monitoring and auditing access to your data. By setting up logging, you can track requests made to your S3 bucket, which is crucial for security and compliance purposes. This guide will walk you through the process of creating an S3 bucket with logging enabled using Pulumi in TypeScript.

Key Steps

To create an AWS S3 bucket with logging enabled, follow these main steps:

  1. Define the Source Bucket: Specify the bucket whose access requests will be logged.
  2. Define the Target Bucket: Specify the bucket where the collected logs will be stored.
  3. Set Up Bucket Logging: Configure logging from the source bucket to the target bucket.

Implementation

Below is the program that accomplishes this:

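import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Define the target bucket that will store the logs
const logBucket = new aws.s3.BucketV2("log_bucket", {
    bucket: "my-log-bucket",
    versionings: [{
        enabled: true,
    }],
});
// Allow the S3 log delivery service to write access logs into the target bucket.
// The policy is attached to the log bucket, because that is the bucket being written to,
// and it is limited to the log/ prefix and to deliveries that come from the source bucket.
const logBucketPolicy = new aws.s3.BucketPolicy("log_bucket_policy", {
    bucket: logBucket.id,
    policy: pulumi.interpolate`{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "logging.s3.amazonaws.com"
      },
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::${logBucket.bucket}/log/*",
      "Condition": {
        "ArnLike": {
          "aws:SourceArn": "arn:aws:s3:::my-source-bucket"
        }
      }
    }
  ]
}
`,
});
// Define the source bucket whose access is logged
const sourceBucket = new aws.s3.BucketV2("source_bucket", {
    bucket: "my-source-bucket",
    versionings: [{
        enabled: true,
    }],
    loggings: [{
        targetBucket: logBucket.id,
        targetPrefix: "log/",
    }],
}, { dependsOn: [logBucketPolicy] }); // create the delivery permission before logging is enabled
export const sourceBucketName = sourceBucket.bucket;
export const logBucketName = logBucket.bucket;

This program configures two S3 buckets: one for storing logs (my-log-bucket) and another whose access is logged (my-source-bucket). The logging settings ensure that access logs from my-source-bucket are stored in my-log-bucket under the log/ prefix. A bucket policy on my-log-bucket allows the S3 log delivery service (logging.s3.amazonaws.com) to write those logs, restricted to deliveries that originate from my-source-bucket. The stack outputs the names of the created buckets for verification.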
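
To check the log bucket's policy before deploying, the following added example (not part of the original program or of Pulumi's API) lints a policy document offline. The names checkLogDeliveryPolicy and samplePolicy are hypothetical helpers, and the sample policies are constructed for illustration.

```typescript
// Added example: offline lint for the bucket policy on an access-log target bucket.
type OneOrMany = string | string[];
interface PolicyStatement {
  Effect: string;
  Principal?: string | { Service?: OneOrMany };
  Action: OneOrMany;
  Resource: OneOrMany;
  Condition?: Record<string, Record<string, OneOrMany>>;
}
const LOG_PRINCIPAL = "logging.s3.amazonaws.com";
const asList = (v?: OneOrMany): string[] => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

function checkLogDeliveryPolicy(policyJson: string, logBucket: string, prefix: string): string[] {
  const statements: PolicyStatement[] = JSON.parse(policyJson).Statement ?? [];
  const wanted = `arn:aws:s3:::${logBucket}/${prefix}`;
  const findings: string[] = [];
  let delivered = false;
  for (const s of statements) {
    if (s.Effect !== "Allow" || asList(s.Action).indexOf("s3:PutObject") < 0) continue;
    if (s.Principal === "*") findings.push("s3:PutObject is open to any principal");
    const services = typeof s.Principal === "object" ? asList(s.Principal.Service) : [];
    if (services.indexOf(LOG_PRINCIPAL) < 0) {
      // Any other service principal does not authorize access-log delivery.
      if (services.length > 0) findings.push(`unexpected service principal: ${services.join(", ")}`);
      continue;
    }
    // The resource must be a trailing-wildcard ARN that covers the log prefix.
    const covers = asList(s.Resource).some((r) => r.endsWith("*") && wanted.startsWith(r.slice(0, -1)));
    if (!covers) { findings.push(`resource does not cover ${wanted}*`); continue; }
    delivered = true;
    const cond = s.Condition ?? {};
    const scoped = Object.keys(cond).some((op) =>
      Object.keys(cond[op]).some((k) => /^aws:Source(Arn|Account)$/i.test(k)));
    if (!scoped) findings.push("no aws:SourceArn or aws:SourceAccount condition");
  }
  if (!delivered) findings.push(`no statement lets ${LOG_PRINCIPAL} write under ${wanted}`);
  return findings;
}

// Constructed sample policies (not taken from a real account).
const samplePolicy = (service: string, condition?: PolicyStatement["Condition"]): string =>
  JSON.stringify({ Version: "2012-10-17", Statement: [{
    Effect: "Allow", Principal: { Service: service }, Action: "s3:PutObject",
    Resource: "arn:aws:s3:::my-log-bucket/log/*", Condition: condition }] });
const scopedPolicy = samplePolicy(LOG_PRINCIPAL,
  { ArnLike: { "aws:SourceArn": "arn:aws:s3:::my-source-bucket" } });
const genericPrincipalPolicy = samplePolicy("s3.amazonaws.com");
console.log(checkLogDeliveryPolicy(scopedPolicy, "my-log-bucket", "log/"));
console.log(checkLogDeliveryPolicy(genericPrincipalPolicy, "my-log-bucket", "log/"));
```

An empty result means the policy grants log delivery and scopes it to a source; each string in a non-empty result names one gap.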

Conclusion

In summary, we’ve successfully set up an S3 bucket with logging directed to another S3 bucket, ensuring that all necessary permissions are configured to allow the source bucket to write logs to the target bucket. This setup enhances your ability to monitor and audit access to your S3 resources effectively.
