- Newest
- Most votes
- Most comments
Ideally partitions can be used to only query the information you are interested in saving time and cost by limiting the data to search. With S3 access logs this is made more difficult due to no prefix's being used (solutions discussed https://repost.aws/questions/QUjQHGAO_nQd-PsIKsvfH3HA/partitioning-s-3-access-logs-to-optimize-athena-queries). You could enable data events for this bucket in CloudTrail to then export out to S3 and query with Athena which has better support for partitions so will be possible to scan over a larger data set although this is more expensive due to CloudTrail being involved, information about setting that up here https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html#logging-data-events-examples
If that bucket is public for the purpose of being behind a Cloudfront distribution, access to the bucket can be setup so that only Cloudfront can access the objects and thus preventing any direct access bypassing Cloudfront https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html. If you have any applications that also access the bucket, the policy can be configured so that there access is still allowed.
Relevant content
- asked a year ago
- asked 8 months ago
- asked 2 years ago
- AWS OFFICIALUpdated 6 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 24 days ago