- Newest
- Most votes
- Most comments
You can use the Amazon S3 console to configure an AWS CloudTrail trail to log data events for objects in an S3 bucket. CloudTrail supports logging Amazon S3 object-level API operations such as GetObject, DeleteObject, and PutObject. These events are called data events.
Here’s an example of a DeleteObject event from CloudTrail logs:
{
"eventVersion": "1.08",
"userIdentity": {
...
},
"eventTime": "2024-06-12T14:58:59Z",
"eventSource": "s3.amazonaws.com",
"eventName": "DeleteObject",
"awsRegion": "us-west-2",
"sourceIPAddress": "192.0.2.0",
"userAgent": "aws-sdk-java",
"requestParameters": {
"bucketName": "example-bucket",
"key": "example-file.txt"
},
"responseElements": null,
"additionalEventData": {
"SignatureVersion": "SigV4",
"CipherSuite": "ECDHE-RSA-AES128-GCM-SHA256",
"bytesTransferredIn": 0,
"bytesTransferredOut": 0
},
"requestID": "C3D13FE58DE4C810",
"eventID": "8f3b23bb-d466-4776-8880-cd34fa6c5e86",
"readOnly": false,
"resources": [
{
"type": "AWS::S3::Object",
"ARN": "arn:aws:s3:::example-bucket/example-file.txt"
}
],
"eventType": "AwsApiCall",
"managementEvent": false,
"recipientAccountId": "123456789012"
}
Perhaps just to clarify a bit more, the
path
of the file in S3 is thekey
in the listing above."requestParameters": { "bucketName": "example-bucket", "key": "example-file.txt" },
In this case the path of the file is just
example-file.txt
in the root of the bucket but this could befolder/folder/example-file.txt
Hope this helps!
You can find the entire event details by further expanding that data event. There are two ways of doing:
1: Go to Cloudtrail console - > Event History -> choose Lookup attribute as Event Name -> Event name as DeleteObject -> Now you need to find out, which event you exactly want information from
- There is another better way of doing this is setup athena table on top of S3 data where cloudtrail data events are being stored. For more details look at Querying cloudtrail logs. This provides more flexibility to search the specific data that you are looking for based on what you specify in filter condition in your query(where clause). Usually volume of data events use to be so high and it's not effective to find the data events over console. Querying the data events through athena is advisable.
Comment here if you have additional questions. Happy to help.
Relevant content
- asked 3 years ago
- asked 9 months ago
- AWS OFFICIALUpdated 10 months ago
- AWS OFFICIALUpdated 4 years ago
- AWS OFFICIALUpdated 3 years ago
- AWS OFFICIALUpdated 9 months ago
please accept the answer if it was useful