- Newest
- Most votes
- Most comments
Consider using Athena instead of CloudWatch to query the S3 access logs and identify the TLS Version. AWS have deprecated TLS 1.0 and TLS 1.1 versions for some time.
For Deprecation notice and guide: https://aws.amazon.com/blogs/security/tls-1-2-required-for-aws-endpoints/
For instructions on how to search using Athena: https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-s3-access-logs-to-identify-requests.html
I am not sure if you have already looked at these two documentation and blog post, which talk about, how to find sources using deprectaed TLS versions:
- https://aws.amazon.com/blogs/security/tls-1-2-required-for-aws-endpoints/
- https://docs.aws.amazon.com/AmazonS3/latest/userguide/cloudtrail-logging-understanding-s3-entries.html#example-ct-log-s3
If you have already gone through these, then I'd suggest you to enable the cloudtrail data events for your s3 bucket and send those events to cloudwatch by following this documentation https://docs.aws.amazon.com/awscloudtrail/latest/userguide/send-cloudtrail-events-to-cloudwatch-logs.html.
Once you'd have cloudtrail logs to cloudwatch, you can use cloudwatch log insight to query the TLS version as discussed in https://aws.amazon.com/blogs/security/tls-1-2-required-for-aws-endpoints/. Other option is athena.
Hope this helps, comment here if you have additional questions.
Happy to help.
Abhishek
Assuming you are referring to S3 Sever Access Logs. Please refer to this documentation on how to search. For TLS version, search for TLSv1.1, TLSv1.2, TLSv1.3, or - if TLS wasn't used.
Relevant content
AWS OFFICIALUpdated 2 months ago- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 8 months ago
- AWS OFFICIALUpdated a month ago
