Sono disponibili altri esempi AWS SDK nel repository [AWS Doc SDK](https://github.com/awsdocs/aws-doc-sdk-examples) Examples. GitHub
Le traduzioni sono generate tramite traduzione automatica. In caso di conflitto tra il contenuto di una traduzione e la versione originale in Inglese, quest'ultima prevarrà.
# Utilizzo `PutBucketLogging` con un AWS SDK o una CLI
Gli esempi di codice seguenti mostrano come utilizzare `PutBucketLogging`.
------
#### [ .NET ]
**SDK per .NET**
C'è altro da fare. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/S3#code-examples).
```
using System;
using System.IO;
using System.Threading.Tasks;
using Amazon.S3;
using Amazon.S3.Model;
using Microsoft.Extensions.Configuration;
///
/// This example shows how to enable logging on an Amazon Simple Storage
/// Service (Amazon S3) bucket. You need to have two Amazon S3 buckets for
/// this example. The first is the bucket for which you wish to enable
/// logging, and the second is the location where you want to store the
/// logs.
///
public class ServerAccessLogging
{
private static IConfiguration _configuration = null!;
public static async Task Main()
{
LoadConfig();
string bucketName = _configuration["BucketName"];
string logBucketName = _configuration["LogBucketName"];
string logObjectKeyPrefix = _configuration["LogObjectKeyPrefix"];
string accountId = _configuration["AccountId"];
// If the AWS Region defined for your default user is different
// from the Region where your Amazon S3 bucket is located,
// pass the Region name to the Amazon S3 client object's constructor.
// For example: RegionEndpoint.USWest2 or RegionEndpoint.USEast2.
IAmazonS3 client = new AmazonS3Client();
try
{
// Update bucket policy for target bucket to allow delivery of logs to it.
await SetBucketPolicyToAllowLogDelivery(
client,
bucketName,
logBucketName,
logObjectKeyPrefix,
accountId);
// Enable logging on the source bucket.
await EnableLoggingAsync(
client,
bucketName,
logBucketName,
logObjectKeyPrefix);
}
catch (AmazonS3Exception e)
{
Console.WriteLine($"Error: {e.Message}");
}
}
///
/// This method grants appropriate permissions for logging to the
/// Amazon S3 bucket where the logs will be stored.
///
/// The initialized Amazon S3 client which will be used
/// to apply the bucket policy.
/// The name of the source bucket.
/// The name of the bucket where logging
/// information will be stored.
/// The logging prefix where the logs should be delivered.
/// The account id of the account where the source bucket exists.
/// Async task.
public static async Task SetBucketPolicyToAllowLogDelivery(
IAmazonS3 client,
string sourceBucketName,
string logBucketName,
string logPrefix,
string accountId)
{
var resourceArn = @"""arn:aws:s3:::" + logBucketName + "/" + logPrefix + @"*""";
var newPolicy = @"{
""Statement"":[{
""Sid"": ""S3ServerAccessLogsPolicy"",
""Effect"": ""Allow"",
""Principal"": { ""Service"": ""logging.s3.amazonaws.com"" },
""Action"": [""s3:PutObject""],
""Resource"": [" + resourceArn + @"],
""Condition"": {
""ArnLike"": { ""aws:SourceArn"": ""arn:aws:s3:::" + sourceBucketName + @""" },
""StringEquals"": { ""aws:SourceAccount"": """ + accountId + @""" }
}
}]
}";
Console.WriteLine($"The policy to apply to bucket {logBucketName} to enable logging:");
Console.WriteLine(newPolicy);
PutBucketPolicyRequest putRequest = new PutBucketPolicyRequest
{
BucketName = logBucketName,
Policy = newPolicy,
};
await client.PutBucketPolicyAsync(putRequest);
Console.WriteLine("Policy applied.");
}
///
/// This method enables logging for an Amazon S3 bucket. Logs will be stored
/// in the bucket you selected for logging. Selected prefix
/// will be prepended to each log object.
///
/// The initialized Amazon S3 client which will be used
/// to configure and apply logging to the selected Amazon S3 bucket.
/// The name of the Amazon S3 bucket for which you
/// wish to enable logging.
/// The name of the Amazon S3 bucket where logging
/// information will be stored.
/// The prefix to prepend to each
/// object key.
/// Async task.
public static async Task EnableLoggingAsync(
IAmazonS3 client,
string bucketName,
string logBucketName,
string logObjectKeyPrefix)
{
Console.WriteLine($"Enabling logging for bucket {bucketName}.");
var loggingConfig = new S3BucketLoggingConfig
{
TargetBucketName = logBucketName,
TargetPrefix = logObjectKeyPrefix,
};
var putBucketLoggingRequest = new PutBucketLoggingRequest
{
BucketName = bucketName,
LoggingConfig = loggingConfig,
};
await client.PutBucketLoggingAsync(putBucketLoggingRequest);
Console.WriteLine($"Logging enabled.");
}
///
/// Loads configuration from settings files.
///
public static void LoadConfig()
{
_configuration = new ConfigurationBuilder()
.SetBasePath(Directory.GetCurrentDirectory())
.AddJsonFile("settings.json") // Load settings from .json file.
.AddJsonFile("settings.local.json", true) // Optionally, load local settings.
.Build();
}
}
```
+ Per i dettagli sull'API, consulta la [PutBucketLogging](https://docs.aws.amazon.com/goto/DotNetSDKV3/s3-2006-03-01/PutBucketLogging)sezione *AWS SDK per .NET API Reference*.
------
#### [ CLI ]
**AWS CLI**
**Esempio 1: come impostare la registrazione delle policy di bucket**
L’esempio `put-bucket-logging` seguente imposta la policy di registrazione per *amzn-s3-demo-bucket*. Innanzitutto, concedi al servizio di registrazione di log l’autorizzazione principale nella policy di bucket con il comando `put-bucket-policy`.
```
aws s3api put-bucket-policy \
--bucket amzn-s3-demo-bucket \
--policy file://policy.json
```
Contenuto di `policy.json`:
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "S3ServerAccessLogsPolicy",
"Effect": "Allow",
"Principal": {"Service": "logging.s3.amazonaws.com"},
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::amzn-s3-demo-bucket/Logs/*",
"Condition": {
"ArnLike": {"aws:SourceARN": "arn:aws:s3:::SOURCE-BUCKET-NAME"},
"StringEquals": {"aws:SourceAccount": "SOURCE-AWS-ACCOUNT-ID"}
}
}
]
}
```
Per applicare la policy di registrazione di log, utilizza `put-bucket-logging`.
```
aws s3api put-bucket-logging \
--bucket amzn-s3-demo-bucket \
--bucket-logging-status file://logging.json
```
Contenuto di `logging.json`:
```
{
"LoggingEnabled": {
"TargetBucket": "amzn-s3-demo-bucket",
"TargetPrefix": "Logs/"
}
}
```
Il comando `put-bucket-policy` è necessario per concedere le autorizzazioni `s3:PutObject` al principale del servizio di registrazione di log.
Per ulteriori informazioni, consulta [Registrazione degli accessi al server Amazon S3](https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerLogs.html) nella *Guida per l’utente di Amazon S3*.
**Esempio 2: come impostare una policy di bucket per la registrazione dell’accesso su un unico utente**
L’esempio `put-bucket-logging` seguente imposta la policy di registrazione per *amzn-s3-demo-bucket*. L' AWS utente *bob@example.com* avrà il pieno controllo sui file di registro e nessun altro potrà accedervi. Concedi innanzitutto l’autorizzazione S3 con `put-bucket-acl`.
```
aws s3api put-bucket-acl \
--bucket amzn-s3-demo-bucket \
--grant-write URI=http://acs.amazonaws.com/groups/s3/LogDelivery \
--grant-read-acp URI=http://acs.amazonaws.com/groups/s3/LogDelivery
```
Applica quindi la policy di registrazione di log con `put-bucket-logging`.
```
aws s3api put-bucket-logging \
--bucket amzn-s3-demo-bucket \
--bucket-logging-status file://logging.json
```
Contenuto di `logging.json`:
```
{
"LoggingEnabled": {
"TargetBucket": "amzn-s3-demo-bucket",
"TargetPrefix": "amzn-s3-demo-bucket-logs/",
"TargetGrants": [
{
"Grantee": {
"Type": "AmazonCustomerByEmail",
"EmailAddress": "bob@example.com"
},
"Permission": "FULL_CONTROL"
}
]
}
}
```
Il comando `put-bucket-acl` è necessario per concedere al sistema di distribuzione dei log S3 le autorizzazioni necessarie (autorizzazioni di scrittura e read-acp).
Per ulteriori informazioni, consulta [Registrazione degli accessi al server Amazon S3](https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerLogs.html) nella *Guida per gli sviluppatori di Amazon S3*.
+ Per i dettagli sull'API, consulta [PutBucketLogging AWS CLI](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/s3api/put-bucket-logging.html)*Command Reference*.
------