AWS S3 vs AWS CloudTrail bucket logs

What is the difference between AWS S3 logs and AWS CloudTrail logs? In the CloudTrail docs, I saw this:

CloudTrail adds another dimension to the monitoring capabilities already offered by AWS. It does not change or replace the logging features that you may already be using.

+10
5 answers

CloudTrail tracks API access for infrastructure-changing events; in S3 this means creating, deleting, and modifying buckets (S3 CloudTrail docs). It is very focused on API methods that change buckets.

S3 Server Access Logging provides web-server-style access logging for objects in an S3 bucket. This log is object-specific, includes read-only operations, and includes non-API access, such as static website browsing.

+14

There are two reasons for using CloudTrail logs over S3 server access logs:

  1. You are interested in maintaining an activity log at the bucket level. CloudTrail has it; S3 logs don't.
  2. You have a log-analysis setup that consumes CloudWatch log streams. Basic S3 logs simply store log events as files in some S3 bucket, and you have to process them from there yourself (although most log-analysis services can do this for you).

Bottom line: use CloudTrail, which costs more, if you have a specific scenario that requires it. Otherwise, the "standard" S3 server access logs are good enough.

From the CloudTrail Developer Guide (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudtrail-logging.html):

Using CloudTrail Logs with Amazon S3 Server Access Logs and CloudWatch Logs

You can use AWS CloudTrail logs together with server access logs for Amazon S3. CloudTrail logs provide detailed API tracking for Amazon S3 bucket-level and object-level operations, while Amazon S3 server access logs provide visibility into data-level operations on your data in Amazon S3. For more information about server access logs, see Amazon S3 Server Access Logging.

You can also use CloudTrail logs together with CloudWatch for Amazon S3. The CloudTrail integration with CloudWatch Logs delivers the S3 API activity captured by CloudTrail to a CloudWatch Logs log stream in the CloudWatch Logs log group you specify. You can create CloudWatch alarms to monitor specific API activity and receive email notifications when that API activity occurs. For more information on CloudWatch alarms for monitoring specific API activity, see the AWS CloudTrail User Guide. For more information about using CloudWatch with Amazon S3, see "Monitoring Metrics with Amazon CloudWatch."

+3

CloudTrail logs the API calls made against your AWS account. These CloudTrail logs are stored in an Amazon S3 bucket.

Both offer different services.

The definition you shared from the CloudTrail docs: CloudTrail adds another dimension to the monitoring capabilities already offered by AWS. It does not change or replace the logging features that you may already be using.

This means that if you have already enabled some of the other logging features offered by other AWS services, such as ELB logging, etc., then when you turn on CloudTrail you don't need to worry about those previous logging features, as they will remain active. You will receive logs from all services. Thus, enabling CloudTrail logging does not change or replace the logging features that you may already be using.

Hope this helps ... :)

0

AWS CloudTrail is an AWS service for recording all account activity across different AWS resources. It also tracks things like IAM console logins, etc. Once the CloudTrail service is turned on, you can simply go to the CloudTrail console and see all the actions, as well as apply filters. In addition, when you enable it, you can record these actions and send the data to AWS CloudWatch. In AWS CloudWatch, you can apply filters as well as create alarms to notify you when a particular activity is taking place.

S3 logging allows you to keep a log of basic activity on your S3 buckets/objects.

0

Since this question was asked, AWS has added yet another feature, namely CloudTrail data events.

Three features are currently available:

  1. CloudTrail: which logs almost all API calls at the bucket level (Ref)
  2. CloudTrail data events: which log almost all API calls at the object level (Ref)
  3. S3 server access logs: which record almost all access to S3 objects (best-effort server log delivery) (link)

Now, 2 and 3 seem to be similar features, but they have some differences that may prompt users to use one or the other, or both (as in our case)! Below are the differences that I could find:

  1. They work at different levels of granularity. For example, CloudTrail data events can be set for all S3 buckets in an AWS account, or only for a folder in an S3 bucket, whereas S3 server access logs are set at the individual bucket level.
  2. S3 server access logs seem to provide more complete information, such as BucketOwner, HTTPStatus, ErrorCode, etc. (Full list)

0
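The distinction the answers draw (CloudTrail management events at bucket level, CloudTrail data events at object level, and S3 server access logs capturing every request including anonymous website reads and denied requests) is easiest to see when both record formats are parsed into one shape. The Python below is an added example written for this page; it is not code from any of the answers or from AWS. The CloudTrail records and the three server-access-log lines are constructed samples (the canonical user id, request ids and host id are placeholder values), the field order for the access log follows the documented space-separated format, and the `managementEvent` flag is used to tell bucket-level from object-level CloudTrail records, falling back to the presence of a `key` request parameter for records that lack the flag.

```python
"""Normalize CloudTrail S3 records and S3 server access log lines into one event shape.

Added example; all log samples below are constructed, not captured from a real account.
"""
import json
import re
from dataclasses import dataclass
from typing import Optional


@dataclass
class Event:
    source: str            # "cloudtrail" or "s3-access"
    level: str             # "bucket" (management event) or "object" (data event / object request)
    action: str            # CloudTrail eventName or access-log operation
    actor: str             # IAM ARN, canonical user id, or "anonymous"
    bucket: str
    key: Optional[str]
    source_ip: str
    error: Optional[str]   # CloudTrail errorCode / access-log error code; None on success


# Constructed CloudTrail delivery file: one bucket-level management event, one
# object-level data event, and one non-S3 event (console sign-in) for the filter.
CLOUDTRAIL_SAMPLE = json.dumps({"Records": [
    {"eventVersion": "1.08", "eventTime": "2024-01-05T09:59:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.7", "managementEvent": True,
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": None, "responseElements": {"ConsoleLogin": "Success"}},
    {"eventVersion": "1.08", "eventTime": "2024-01-05T10:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutBucketPolicy", "sourceIPAddress": "198.51.100.7", "managementEvent": True,
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"bucketName": "example-bucket"}},
    {"eventVersion": "1.08", "eventTime": "2024-01-05T10:01:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "sourceIPAddress": "203.0.113.9", "managementEvent": False,
     "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::111122223333:assumed-role/app/i-0abc"},
     "requestParameters": {"bucketName": "example-bucket", "key": "reports/q1.csv"}},
]})

# Constructed server access log: anonymous website GET, anonymous REST GET denied
# with 403, and an authenticated bucket-level (no key) versioning query.
ACCESS_LOG_SAMPLE = """
79a59df900b949e55d96a1e698fbacedfd6e09d98eaeb7b0b0f6b9bd2a9a1f5c example-bucket [05/Jan/2024:10:02:00 +0000] 203.0.113.50 - 3E57427F3EXAMPLE WEBSITE.GET.OBJECT index.html "GET /index.html HTTP/1.1" 200 - 1024 1024 12 10 "-" "Mozilla/5.0" - hostidEXAMPLE - - - example-bucket.s3-website-us-east-1.amazonaws.com -
79a59df900b949e55d96a1e698fbacedfd6e09d98eaeb7b0b0f6b9bd2a9a1f5c example-bucket [05/Jan/2024:10:03:00 +0000] 198.51.100.23 - 7B4A0FABBEXAMPLE REST.GET.OBJECT reports/q1.csv "GET /reports/q1.csv HTTP/1.1" 403 AccessDenied 243 - 8 - "-" "curl/8.4.0" - hostidEXAMPLE - - - example-bucket.s3.us-east-1.amazonaws.com -
79a59df900b949e55d96a1e698fbacedfd6e09d98eaeb7b0b0f6b9bd2a9a1f5c example-bucket [05/Jan/2024:10:04:00 +0000] 198.51.100.7 79a59df900b949e55d96a1e698fbacedfd6e09d98eaeb7b0b0f6b9bd2a9a1f5c 3E57427F3EXAMPLE REST.GET.VERSIONING - "GET /example-bucket?versioning HTTP/1.1" 200 - 113 - 7 - "-" "S3Console/0.4" - hostidEXAMPLE SigV4 ECDHE-RSA-AES128-GCM-SHA256 AuthHeader example-bucket.s3.us-east-1.amazonaws.com TLSv1.2
"""

# Field order of the S3 server access log format (later fields are absent in older lines).
ACCESS_LOG_FIELDS = [
    "bucket_owner", "bucket", "time", "remote_ip", "requester", "request_id", "operation", "key",
    "request_uri", "http_status", "error_code", "bytes_sent", "object_size", "total_time",
    "turnaround_time", "referer", "user_agent", "version_id", "host_id", "signature_version",
    "cipher_suite", "authentication_type", "host_header", "tls_version",
]
# One token: a [bracketed timestamp], a "quoted field" (may contain spaces), or a bare word.
_TOKEN = re.compile(r'\[[^\]]*\]|"(?:[^"\\]|\\.)*"|\S+')


def parse_cloudtrail(raw: str, only_s3: bool = True) -> list:
    """Turn a CloudTrail delivery file into Events; by default keep only S3 records."""
    events = []
    for rec in json.loads(raw)["Records"]:
        if only_s3 and rec.get("eventSource") != "s3.amazonaws.com":
            continue
        params = rec.get("requestParameters") or {}
        is_mgmt = rec.get("managementEvent")
        if is_mgmt is None:                 # older eventVersions lack the flag
            is_mgmt = "key" not in params   # object operations carry a key
        ident = rec.get("userIdentity", {})
        events.append(Event(
            source="cloudtrail", level="bucket" if is_mgmt else "object",
            action=rec["eventName"], actor=ident.get("arn") or ident.get("type", "anonymous"),
            bucket=params.get("bucketName", "-"), key=params.get("key"),
            source_ip=rec.get("sourceIPAddress", "-"), error=rec.get("errorCode")))
    return events


def parse_access_log_line(line: str) -> dict:
    """Split one server access log line into named fields; '-' marks an empty field."""
    tokens = [t.strip('"[]') for t in _TOKEN.findall(line)]
    return dict(zip(ACCESS_LOG_FIELDS, tokens))


def parse_access_log(raw: str) -> list:
    events = []
    for line in raw.strip().splitlines():
        f = parse_access_log_line(line)
        key, requester, err = f.get("key", "-"), f.get("requester", "-"), f.get("error_code", "-")
        events.append(Event(
            source="s3-access", level="bucket" if key == "-" else "object",
            action=f.get("operation", "-"), actor="anonymous" if requester == "-" else requester,
            bucket=f.get("bucket", "-"), key=None if key == "-" else key,
            source_ip=f.get("remote_ip", "-"), error=None if err == "-" else err))
    return events


def anonymous_object_access(events: list) -> list:
    """Object requests without a signed principal: visible in access logs, not in management events."""
    return [e for e in events if e.level == "object" and e.actor == "anonymous"]


def count_by_source_and_level(events: list) -> dict:
    counts = {}
    for e in events:
        counts[(e.source, e.level)] = counts.get((e.source, e.level), 0) + 1
    return counts
```

Running `count_by_source_and_level(parse_cloudtrail(CLOUDTRAIL_SAMPLE) + parse_access_log(ACCESS_LOG_SAMPLE))` shows the split the last answer describes: the CloudTrail file contributes one bucket-level and one object-level record, while the access log contributes both object-level requests and the bucket-level versioning query. The two anonymous object requests (the website read and the 403 AccessDenied attempt) surface only from the access log, which is the practical reason to keep server access logging on even when data events are enabled.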

Source: https://habr.com/ru/post/1237584/

