Ci sono altri AWS SDK esempi disponibili nel repository AWS Doc SDK Examples
Le traduzioni sono generate tramite traduzione automatica. In caso di conflitto tra il contenuto di una traduzione e la versione originale in Inglese, quest'ultima prevarrà.
Utilizzare PutBucketLogging
con un o AWS SDK CLI
I seguenti esempi di codice mostrano come utilizzarePutBucketLogging
.
- .NET
-
- AWS SDK for .NET
-
Nota
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel Repository di esempi di codice AWS
. using System; using System.IO; using System.Threading.Tasks; using Amazon.S3; using Amazon.S3.Model; using Microsoft.Extensions.Configuration; /// <summary> /// This example shows how to enable logging on an Amazon Simple Storage /// Service (Amazon S3) bucket. You need to have two Amazon S3 buckets for /// this example. The first is the bucket for which you wish to enable /// logging, and the second is the location where you want to store the /// logs. /// </summary> public class ServerAccessLogging { private static IConfiguration _configuration = null!; public static async Task Main() { LoadConfig(); string bucketName = _configuration["BucketName"]; string logBucketName = _configuration["LogBucketName"]; string logObjectKeyPrefix = _configuration["LogObjectKeyPrefix"]; string accountId = _configuration["AccountId"]; // If the AWS Region defined for your default user is different // from the Region where your Amazon S3 bucket is located, // pass the Region name to the Amazon S3 client object's constructor. // For example: RegionEndpoint.USWest2 or RegionEndpoint.USEast2. IAmazonS3 client = new AmazonS3Client(); try { // Update bucket policy for target bucket to allow delivery of logs to it. await SetBucketPolicyToAllowLogDelivery( client, bucketName, logBucketName, logObjectKeyPrefix, accountId); // Enable logging on the source bucket. await EnableLoggingAsync( client, bucketName, logBucketName, logObjectKeyPrefix); } catch (AmazonS3Exception e) { Console.WriteLine($"Error: {e.Message}"); } } /// <summary> /// This method grants appropriate permissions for logging to the /// Amazon S3 bucket where the logs will be stored. /// </summary> /// <param name="client">The initialized Amazon S3 client which will be used /// to apply the bucket policy.</param> /// <param name="sourceBucketName">The name of the source bucket.</param> /// <param name="logBucketName">The name of the bucket where logging /// information will be stored.</param> /// <param name="logPrefix">The logging prefix where the logs should be delivered.</param> /// <param name="accountId">The account id of the account where the source bucket exists.</param> /// <returns>Async task.</returns> public static async Task SetBucketPolicyToAllowLogDelivery( IAmazonS3 client, string sourceBucketName, string logBucketName, string logPrefix, string accountId) { var resourceArn = @"""arn:aws:s3:::" + logBucketName + "/" + logPrefix + @"*"""; var newPolicy = @"{ ""Statement"":[{ ""Sid"": ""S3ServerAccessLogsPolicy"", ""Effect"": ""Allow"", ""Principal"": { ""Service"": ""logging.s3.amazonaws.com"" }, ""Action"": [""s3:PutObject""], ""Resource"": [" + resourceArn + @"], ""Condition"": { ""ArnLike"": { ""aws:SourceArn"": ""arn:aws:s3:::" + sourceBucketName + @""" }, ""StringEquals"": { ""aws:SourceAccount"": """ + accountId + @""" } } }] }"; Console.WriteLine($"The policy to apply to bucket {logBucketName} to enable logging:"); Console.WriteLine(newPolicy); PutBucketPolicyRequest putRequest = new PutBucketPolicyRequest { BucketName = logBucketName, Policy = newPolicy, }; await client.PutBucketPolicyAsync(putRequest); Console.WriteLine("Policy applied."); } /// <summary> /// This method enables logging for an Amazon S3 bucket. Logs will be stored /// in the bucket you selected for logging. Selected prefix /// will be prepended to each log object. /// </summary> /// <param name="client">The initialized Amazon S3 client which will be used /// to configure and apply logging to the selected Amazon S3 bucket.</param> /// <param name="bucketName">The name of the Amazon S3 bucket for which you /// wish to enable logging.</param> /// <param name="logBucketName">The name of the Amazon S3 bucket where logging /// information will be stored.</param> /// <param name="logObjectKeyPrefix">The prefix to prepend to each /// object key.</param> /// <returns>Async task.</returns> public static async Task EnableLoggingAsync( IAmazonS3 client, string bucketName, string logBucketName, string logObjectKeyPrefix) { Console.WriteLine($"Enabling logging for bucket {bucketName}."); var loggingConfig = new S3BucketLoggingConfig { TargetBucketName = logBucketName, TargetPrefix = logObjectKeyPrefix, }; var putBucketLoggingRequest = new PutBucketLoggingRequest { BucketName = bucketName, LoggingConfig = loggingConfig, }; await client.PutBucketLoggingAsync(putBucketLoggingRequest); Console.WriteLine($"Logging enabled."); } /// <summary> /// Loads configuration from settings files. /// </summary> public static void LoadConfig() { _configuration = new ConfigurationBuilder() .SetBasePath(Directory.GetCurrentDirectory()) .AddJsonFile("settings.json") // Load settings from .json file. .AddJsonFile("settings.local.json", true) // Optionally, load local settings. .Build(); } }
-
Per API i dettagli, vedi PutBucketLogging AWS SDK for .NETAPIReference.
-
- CLI
-
- AWS CLI
-
Esempio 1: per impostare la registrazione delle policy relative ai bucket
L'
put-bucket-logging
esempio seguente imposta la politica di registrazione per. MyBucket Innanzitutto, concedi al servizio di registrazione l'autorizzazione principale nella tua policy del bucket utilizzando il comando.put-bucket-policy
aws s3api put-bucket-policy \ --bucket
MyBucket
\ --policyfile://policy.json
Contenuto di
policy.json
.{ "Version": "2012-10-17", "Statement": [ { "Sid": "S3ServerAccessLogsPolicy", "Effect": "Allow", "Principal": {"Service": "logging.s3.amazonaws.com"}, "Action": "s3:PutObject", "Resource": "arn:aws:s3:::MyBucket/Logs/*", "Condition": { "ArnLike": {"aws:SourceARN": "arn:aws:s3:::SOURCE-BUCKET-NAME"}, "StringEquals": {"aws:SourceAccount": "SOURCE-AWS-ACCOUNT-ID"} } } ] }
Per applicare la politica di registrazione, usa.
put-bucket-logging
aws s3api put-bucket-logging \ --bucket
MyBucket
\ --bucket-logging-statusfile://logging.json
Contenuto di
logging.json
.{ "LoggingEnabled": { "TargetBucket": "MyBucket", "TargetPrefix": "Logs/" } }
Il
put-bucket-policy
comando è necessario per concederes3:PutObject
le autorizzazioni al responsabile del servizio di registrazione.Per ulteriori informazioni, consulta Amazon S3 Server Access Logging nella Amazon S3 User Guide.
Esempio 2: impostare una policy sui bucket per registrare l'accesso a un solo utente
L'
put-bucket-logging
esempio seguente imposta la politica di registrazione per. MyBucket L' AWS utente bob@example.com avrà il pieno controllo sui file di registro e nessun altro potrà accedervi. Innanzitutto, concedi l'autorizzazione a S3 conput-bucket-acl
.aws s3api put-bucket-acl \ --bucket
MyBucket
\ --grant-writeURI=http://acs.amazonaws.com/groups/s3/LogDelivery
\ --grant-read-acpURI=http://acs.amazonaws.com/groups/s3/LogDelivery
Quindi applica la politica di registrazione utilizzando.
put-bucket-logging
aws s3api put-bucket-logging \ --bucket
MyBucket
\ --bucket-logging-statusfile://logging.json
Contenuto di
logging.json
.{ "LoggingEnabled": { "TargetBucket": "MyBucket", "TargetPrefix": "MyBucketLogs/", "TargetGrants": [ { "Grantee": { "Type": "AmazonCustomerByEmail", "EmailAddress": "bob@example.com" }, "Permission": "FULL_CONTROL" } ] } }
il
put-bucket-acl
comando è necessario per concedere al sistema di consegna dei log di S3 le autorizzazioni necessarie (autorizzazioni di scrittura e lettura acp).Per ulteriori informazioni, consulta Amazon S3 Server Access Logging nella Amazon S3 Developer Guide.
-
Per API i dettagli, consulta Command PutBucketLogging
Reference AWS CLI .
-