---
title: Export to AWS S3
url: /docs/administration/security-compliance/audit-logs/aws-s3/
---
> **Note:** Automated export is only available on the Pulumi Business Critical Edition. If you don't see it in your organization, [contact sales](/contact?form=sales).

Pulumi Cloud can continuously export audit log events to an Amazon S3 bucket. Once configured, new events are delivered automatically — no manual downloads or API polling required.

## Configure export using the console

1. Navigate to the organization's **Settings**.
1. Navigate to **Audit Logs**.
1. Use the three-dot menu and select **Configure Audit Logs to S3**.

   ![Audit log export menu showing the Configure Audit Logs to S3 option](/images/docs/reference/console/ale-menu.png)

1. Follow the instructions to create an AWS S3 bucket.
1. Provide a bucket name and a filepath where Pulumi audit logs will be exported, e.g., `Pulumi-audit-logs`.
1. Copy the provided policy.
1. In the AWS console create an IAM role.
1. Select **Another AWS Account** and check **Require external ID**.
1. Provide the Account ID and External ID, then attach the policy you created.
1. Provide the ARN of the IAM role.
1. Test your configuration.

   ![Testing the audit log export configuration](/images/docs/reference/console/test-ale-configuration.png)

1. After a successful test, select **Save and Apply**.
1. After an hour, verify that logs have successfully started exporting.

   ![Successful audit log export configuration](/images/docs/reference/console/ale-success.png)