Describes where logs are stored and the prefix that Amazon S3 assigns to all log object keys for a bucket. For examples and more information, see PUT Bucket logging in the Amazon S3 API Reference.
Note
To successfully complete the AWS::S3::Bucket LoggingConfiguration request,
you must have s3:PutObject and s3:PutObjectAcl in your IAM
permissions.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{
"DestinationBucketName" : String,
"LogFilePrefix" : String,
"TargetObjectKeyFormat" : TargetObjectKeyFormat
}
YAML
DestinationBucketName: String
LogFilePrefix: String
TargetObjectKeyFormat:
TargetObjectKeyFormat
Properties
DestinationBucketName-
The name of the bucket where Amazon S3 should store server access log files. You can store log files in any bucket that you own. By default, logs are stored in the bucket where the
LoggingConfigurationproperty is defined.Required: No
Type: String
Update requires: No interruption
LogFilePrefix-
A prefix for all log object keys. If you store log files from multiple Amazon S3 buckets in a single bucket, you can use a prefix to distinguish which log files came from which bucket.
Required: No
Type: String
Update requires: No interruption
TargetObjectKeyFormat-
Amazon S3 key format for log objects. Only one format, either PartitionedPrefix or SimplePrefix, is allowed.
Required: No
Type: TargetObjectKeyFormat
Update requires: No interruption
Examples
Log access requests for a specific S3 bucket
The following example template creates two S3 buckets. The LoggingBucket
bucket store the logs from the S3Bucket bucket. To receive logs from the
S3Bucket bucket, the logging bucket requires log delivery write
permissions.
JSON
{
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"S3Bucket": {
"Type": "AWS::S3::Bucket",
"Properties": {
"LoggingConfiguration": {
"DestinationBucketName": {
"Ref": "LoggingBucket"
},
"LogFilePrefix": "testing-logs"
}
}
},
"LoggingBucket": {
"Type": "AWS::S3::Bucket"
},
"S3BucketPolicy": {
"Type": "AWS::S3::BucketPolicy",
"Properties": {
"Bucket": {
"Ref": "LoggingBucket"
},
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:PutObject"
],
"Effect": "Allow",
"Principal": {
"Service": "logging.s3.amazonaws.com"
},
"Resource": {
"Fn::Join": [
"",
[
"arn:aws:s3:::",
{
"Ref": "LoggingBucket"
},
"/*"
]
]
},
"Condition": {
"ArnLike": {
"aws:SourceArn": {
"Fn::GetAtt": [
"S3Bucket",
"Arn"
]
}
},
"StringEquals": {
"aws:SourceAccount": {
"Fn::Sub": "${AWS::AccountId}"
}
}
}
}
]
}
}
}
},
"Outputs": {
"BucketName": {
"Value": {
"Ref": "S3Bucket"
},
"Description": "Name of the sample Amazon S3 bucket with a logging configuration."
}
}
}YAML
AWSTemplateFormatVersion: 2010-09-09
Resources:
S3Bucket:
Type: 'AWS::S3::Bucket'
Properties:
LoggingConfiguration:
DestinationBucketName: !Ref LoggingBucket
LogFilePrefix: testing-logs
LoggingBucket:
Type: 'AWS::S3::Bucket'
S3BucketPolicy:
Type: 'AWS::S3::BucketPolicy'
Properties:
Bucket: !Ref LoggingBucket
PolicyDocument:
Version: 2012-10-17
Statement:
- Action:
- 's3:PutObject'
Effect: Allow
Principal:
Service: logging.s3.amazonaws.com
Resource: !Join
- ''
- - 'arn:aws:s3:::'
- !Ref LoggingBucket
- /*
Condition:
ArnLike:
'aws:SourceArn': !GetAtt
- S3Bucket
- Arn
StringEquals:
'aws:SourceAccount': !Sub '${AWS::AccountId}'
Outputs:
BucketName:
Value: !Ref S3Bucket
Description: Name of the sample Amazon S3 bucket with a logging configuration.
Setting up logging configurations with log prefixes based on event time
The following example template configures the DOC-EXAMPLE-BUCKET destination bucket with a logs/ prefix and event time log delivery.
JSON
"LoggingConfiguration": {
"DestinationBucketName": "DOC-EXAMPLE-BUCKET",
"LogFilePrefix": "logs/",
"TargetObjectKeyFormat": {
"PartitionedPrefix": {
"PartitionDateSource": "EventTime"
}
}
}
YAML
LoggingConfiguration:
DestinationBucketName: "DOC-EXAMPLE-BUCKET"
LogFilePrefix: logs/
TargetObjectKeyFormat:
PartitionedPrefix:
PartitionDateSource: EventTime
Setting up logging configurations with log prefixes based on delivery time
The following example template configures the DOC-EXAMPLE-BUCKET destination bucket with a logs/ prefix and delivery time log delivery.
JSON
"LoggingConfiguration": {
"DestinationBucketName": "DOC-EXAMPLE-BUCKET",
"LogFilePrefix": "logs/",
"TargetObjectKeyFormat": {
"PartitionedPrefix": {
"PartitionDateSource": "DeliveryTime"
}
}
}
YAML
LoggingConfiguration:
DestinationBucketName: "DOC-EXAMPLE-BUCKET"
LogFilePrefix: logs/
TargetObjectKeyFormat:
PartitionedPrefix:
PartitionDateSource: DeliveryTime
Setting up logging configurations with a simple prefix
The following example template configures the DOC-EXAMPLE-BUCKET destination bucket with a logs/ prefix and simple prefix delivery.
JSON
"LoggingConfiguration": {
"DestinationBucketName": "DOC-EXAMPLE-BUCKET",
"LogFilePrefix": "logs/",
"TargetObjectKeyFormat": {
"SimplePrefix": {}
}
}
YAML
LoggingConfiguration:
DestinationBucketName: "DOC-EXAMPLE-BUCKET"
LogFilePrefix: logs/
TargetObjectKeyFormat:
SimplePrefix: {}
