AWS S3 can distribute files to the public by configuring a public bucket or configuring public access to specific objects from within the bucket. S3 can also be used to host static websites.

47411d8baafa8cced757f771442e08849454857df58a341bfbcdf5bc22ea7be8 simplified-guide [18/Feb/2019:05:43:32 +0000] 112.120.201.145 - 381A22D2E282215C WEBSITE.GET.OBJECT index.html "GET / HTTP/1.1" 404 NoSuchKey 538 - 28 - "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.96 Safari/537.36" -
47411d8baafa8cced757f771442e08849454857df58a341bfbcdf5bc22ea7be8 simplified-guide [18/Feb/2019:05:43:34 +0000] 112.120.201.145 - 64BED33D9CCEB6B7 WEBSITE.GET.OBJECT favicon.ico "GET /favicon.ico HTTP/1.1" 404 NoSuchKey 539 - 14 - "http://simplified-guide.s3-website.us-east-1.amazonaws.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.96 Safari/537.36" -
47411d8baafa8cced757f771442e08849454857df58a341bfbcdf5bc22ea7be8 simplified-guide [18/Feb/2019:05:43:43 +0000] 112.120.201.145 - 560BDDE0527AC26F WEBSITE.GET.OBJECT oseems.png "GET /oseems.png HTTP/1.1" 200 - 31397 31397 12 11 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.96 Safari/537.36" -

You can choose to log access to objects in your S3 buckets just as you would if you're hosting it via a webserver by configuring Server access logging option for your S3 bucket. The log can be configured to be stored in another S3 bucket that is preferably private.

Steps to log access to AWS S3 bucket and website:

  1. Create a private S3 bucket to store the access logs if you don't already have one.
  2. Go to S3 section in your AWS Console.
  3. Click on the S3 bucket that you want to log the access to.
  4. Click on the Properties tab.
  5. Scroll down to the Server access logging section and click on the Edit button.
  6. Click on the Enable radio button.
  7. Click on the Browse S3 button.
  8. Select the private S3 bucket to store the logs.
  9. Select path if available and click on Choose path to confirm the selected destination.

    The logs will be stored in the root path of the bucket if no path is available and/or selected.

  10. Click on the Save changes button to implement the access logging changes.
  11. Go back to the AWS S3 dashboard.
  12. Click on the public bucket with the access logging configured.
  13. Click on any object in the bucket.
  14. Click on the URL in the Object URL section to simulate object access.
  15. Go back to the S3 dashboard.
  16. Click on the bucket that was configured to store the logs.
  17. Click on any of the generated log files.

    The log files are not generated and made available in real-time, so there will be some delay from accessing the objects and for the logs to be available.

  18. Click on the Download button.
  19. Save the log file or open using your preferred text editor for analysis.
Discuss the article:

Comment anonymously. Login not required.