Há mais exemplos de AWS SDK disponíveis no repositório [AWS Doc SDK Examples](https://github.com/awsdocs/aws-doc-sdk-examples) GitHub .
As traduções são geradas por tradução automática. Em caso de conflito entre o conteúdo da tradução e da versão original em inglês, a versão em inglês prevalecerá.
# Use `PutBucketLogging` com um AWS SDK ou CLI
Os exemplos de código a seguir mostram como usar o `PutBucketLogging`.
------
#### [ .NET ]
**SDK para .NET**
Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/S3#code-examples).
```
using System;
using System.IO;
using System.Threading.Tasks;
using Amazon.S3;
using Amazon.S3.Model;
using Microsoft.Extensions.Configuration;
///
/// This example shows how to enable logging on an Amazon Simple Storage
/// Service (Amazon S3) bucket. You need to have two Amazon S3 buckets for
/// this example. The first is the bucket for which you wish to enable
/// logging, and the second is the location where you want to store the
/// logs.
///
public class ServerAccessLogging
{
private static IConfiguration _configuration = null!;
public static async Task Main()
{
LoadConfig();
string bucketName = _configuration["BucketName"];
string logBucketName = _configuration["LogBucketName"];
string logObjectKeyPrefix = _configuration["LogObjectKeyPrefix"];
string accountId = _configuration["AccountId"];
// If the AWS Region defined for your default user is different
// from the Region where your Amazon S3 bucket is located,
// pass the Region name to the Amazon S3 client object's constructor.
// For example: RegionEndpoint.USWest2 or RegionEndpoint.USEast2.
IAmazonS3 client = new AmazonS3Client();
try
{
// Update bucket policy for target bucket to allow delivery of logs to it.
await SetBucketPolicyToAllowLogDelivery(
client,
bucketName,
logBucketName,
logObjectKeyPrefix,
accountId);
// Enable logging on the source bucket.
await EnableLoggingAsync(
client,
bucketName,
logBucketName,
logObjectKeyPrefix);
}
catch (AmazonS3Exception e)
{
Console.WriteLine($"Error: {e.Message}");
}
}
///
/// This method grants appropriate permissions for logging to the
/// Amazon S3 bucket where the logs will be stored.
///
/// The initialized Amazon S3 client which will be used
/// to apply the bucket policy.
/// The name of the source bucket.
/// The name of the bucket where logging
/// information will be stored.
/// The logging prefix where the logs should be delivered.
/// The account id of the account where the source bucket exists.
/// Async task.
public static async Task SetBucketPolicyToAllowLogDelivery(
IAmazonS3 client,
string sourceBucketName,
string logBucketName,
string logPrefix,
string accountId)
{
var resourceArn = @"""arn:aws:s3:::" + logBucketName + "/" + logPrefix + @"*""";
var newPolicy = @"{
""Statement"":[{
""Sid"": ""S3ServerAccessLogsPolicy"",
""Effect"": ""Allow"",
""Principal"": { ""Service"": ""logging.s3.amazonaws.com"" },
""Action"": [""s3:PutObject""],
""Resource"": [" + resourceArn + @"],
""Condition"": {
""ArnLike"": { ""aws:SourceArn"": ""arn:aws:s3:::" + sourceBucketName + @""" },
""StringEquals"": { ""aws:SourceAccount"": """ + accountId + @""" }
}
}]
}";
Console.WriteLine($"The policy to apply to bucket {logBucketName} to enable logging:");
Console.WriteLine(newPolicy);
PutBucketPolicyRequest putRequest = new PutBucketPolicyRequest
{
BucketName = logBucketName,
Policy = newPolicy,
};
await client.PutBucketPolicyAsync(putRequest);
Console.WriteLine("Policy applied.");
}
///
/// This method enables logging for an Amazon S3 bucket. Logs will be stored
/// in the bucket you selected for logging. Selected prefix
/// will be prepended to each log object.
///
/// The initialized Amazon S3 client which will be used
/// to configure and apply logging to the selected Amazon S3 bucket.
/// The name of the Amazon S3 bucket for which you
/// wish to enable logging.
/// The name of the Amazon S3 bucket where logging
/// information will be stored.
/// The prefix to prepend to each
/// object key.
/// Async task.
public static async Task EnableLoggingAsync(
IAmazonS3 client,
string bucketName,
string logBucketName,
string logObjectKeyPrefix)
{
Console.WriteLine($"Enabling logging for bucket {bucketName}.");
var loggingConfig = new S3BucketLoggingConfig
{
TargetBucketName = logBucketName,
TargetPrefix = logObjectKeyPrefix,
};
var putBucketLoggingRequest = new PutBucketLoggingRequest
{
BucketName = bucketName,
LoggingConfig = loggingConfig,
};
await client.PutBucketLoggingAsync(putBucketLoggingRequest);
Console.WriteLine($"Logging enabled.");
}
///
/// Loads configuration from settings files.
///
public static void LoadConfig()
{
_configuration = new ConfigurationBuilder()
.SetBasePath(Directory.GetCurrentDirectory())
.AddJsonFile("settings.json") // Load settings from .json file.
.AddJsonFile("settings.local.json", true) // Optionally, load local settings.
.Build();
}
}
```
+ Para obter detalhes da API, consulte [PutBucketLogging](https://docs.aws.amazon.com/goto/DotNetSDKV3/s3-2006-03-01/PutBucketLogging)a *Referência AWS SDK para .NET da API*.
------
#### [ CLI ]
**AWS CLI**
**Exemplo 1: definir o registro em log da política de bucket**
O exemplo de `put-bucket-logging` a seguir define a política de registro em log para *amzn-s3-demo-bucket*. Primeiro, conceda permissão à entidade principal do serviço de registro em log na política de bucket usando o comando `put-bucket-policy`.
```
aws s3api put-bucket-policy \
--bucket amzn-s3-demo-bucket \
--policy file://policy.json
```
Conteúdo de `policy.json`:
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "S3ServerAccessLogsPolicy",
"Effect": "Allow",
"Principal": {"Service": "logging.s3.amazonaws.com"},
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::amzn-s3-demo-bucket/Logs/*",
"Condition": {
"ArnLike": {"aws:SourceARN": "arn:aws:s3:::SOURCE-BUCKET-NAME"},
"StringEquals": {"aws:SourceAccount": "SOURCE-AWS-ACCOUNT-ID"}
}
}
]
}
```
Para aplicar a política de registro em log, use `put-bucket-logging`.
```
aws s3api put-bucket-logging \
--bucket amzn-s3-demo-bucket \
--bucket-logging-status file://logging.json
```
Conteúdo de `logging.json`:
```
{
"LoggingEnabled": {
"TargetBucket": "amzn-s3-demo-bucket",
"TargetPrefix": "Logs/"
}
}
```
O comando `put-bucket-policy` é necessário para conceder as permissões `s3:PutObject` à entidade principal do serviço de registro em log.
Consulte mais informações em [Registrar em log as solicitações com registro em log de acesso ao servidor](https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerLogs.html) no *Guia do usuário do Amazon S3*.
**Exemplo 2: definir uma política de bucket para registrar em log o acesso a um único usuário**
O exemplo de `put-bucket-logging` a seguir define a política de registro em log para *amzn-s3-demo-bucket*. O AWS usuário *bob@example.com* terá controle total sobre os arquivos de log e ninguém mais terá acesso. Primeiro, conceda permissão ao S3 com `put-bucket-acl`.
```
aws s3api put-bucket-acl \
--bucket amzn-s3-demo-bucket \
--grant-write URI=http://acs.amazonaws.com/groups/s3/LogDelivery \
--grant-read-acp URI=http://acs.amazonaws.com/groups/s3/LogDelivery
```
Depois, aplique a política de registro em log usando `put-bucket-logging`.
```
aws s3api put-bucket-logging \
--bucket amzn-s3-demo-bucket \
--bucket-logging-status file://logging.json
```
Conteúdo de `logging.json`:
```
{
"LoggingEnabled": {
"TargetBucket": "amzn-s3-demo-bucket",
"TargetPrefix": "amzn-s3-demo-bucket-logs/",
"TargetGrants": [
{
"Grantee": {
"Type": "AmazonCustomerByEmail",
"EmailAddress": "bob@example.com"
},
"Permission": "FULL_CONTROL"
}
]
}
}
```
O comando `put-bucket-acl` é necessário para conceder as permissões necessárias ao sistema de entrega de log do S3 (permissões de gravação e read-acp).
Consulte mais informações em [Habilitar o log de acesso ao servidor do Amazon S3](https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerLogs.html) no *Guia do desenvolvedor do Amazon S3*.
+ Para obter detalhes da API, consulte [PutBucketLogging](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/s3api/put-bucket-logging.html)em *Referência de AWS CLI Comandos*.
------