Logs for actions on amazon s3 / other AWS services

Sairam · Feb 7, 2013 · Viewed 8.4k times

I am trying to see which user was responsible for changes in S3 (at the bucket level). I could not find an audit trail for actions done at the S3 bucket level, or for EC2 (who created instances). Beanstalk has a log of the actions the machine performed, but not of which user.

Is there a way around AWS that we can see this information in IAM or any other location?

P.S.: I am not interested in S3 log buckets, which provide access logs.
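The audit trail asked for here is what AWS CloudTrail provides, as the answer below explains: each API call is written as a JSON record with a userIdentity block, so bucket-level S3 changes (and EC2 instance launches) can be attributed to the IAM user, assumed role or root account that made them. The following is an added example, not code from the question, the answer or AWS. It parses a small, constructed CloudTrail log file (all account ids, identities, IP addresses, bucket and instance names are made up) and answers both parts of the question. The rule it uses to recognise a bucket-level change (a Put/Delete/Create event from s3.amazonaws.com carrying a bucketName but no object key) is the example's own assumption, not a CloudTrail definition; it deliberately ignores object-level calls such as GetObject, which is the access-log territory the P.S. rules out.

```python
import json
from collections import defaultdict

# Constructed CloudTrail log file in the {"Records": [...]} layout CloudTrail writes
# to its S3 bucket. Every account id, identity, IP address, bucket name and instance
# id here is made up for the example.
SAMPLE_LOG_FILE = json.dumps({"Records": [
    {"eventVersion": "1.0", "eventTime": "2013-11-13T10:01:02Z",
     "eventSource": "s3.amazonaws.com", "eventName": "PutBucketPolicy",
     "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "principalId": "AIDAEXAMPLE1",
                      "arn": "arn:aws:iam::123456789012:user/alice",
                      "accountId": "123456789012", "userName": "alice"},
     "requestParameters": {"bucketName": "example-bucket"}},
    {"eventVersion": "1.0", "eventTime": "2013-11-13T10:05:00Z",
     "eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "principalId": "AIDAEXAMPLE1",
                      "arn": "arn:aws:iam::123456789012:user/alice",
                      "accountId": "123456789012", "userName": "alice"},
     "requestParameters": {"bucketName": "example-bucket", "key": "report.csv"}},
    {"eventVersion": "1.0", "eventTime": "2013-11-13T11:30:45Z",
     "eventSource": "s3.amazonaws.com", "eventName": "DeleteBucket",
     "awsRegion": "us-west-2", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "AssumedRole", "principalId": "AROAEXAMPLE2:deploy-session",
                      "arn": "arn:aws:sts::123456789012:assumed-role/DeployRole/deploy-session",
                      "accountId": "123456789012",
                      "sessionContext": {"sessionIssuer": {"type": "Role", "userName": "DeployRole"}}},
     "requestParameters": {"bucketName": "old-assets"}},
    {"eventVersion": "1.0", "eventTime": "2013-11-13T12:00:00Z",
     "eventSource": "s3.amazonaws.com", "eventName": "CreateBucket",
     "awsRegion": "us-east-1", "sourceIPAddress": "192.0.2.200",
     "userIdentity": {"type": "Root", "principalId": "123456789012",
                      "arn": "arn:aws:iam::123456789012:root", "accountId": "123456789012"},
     "requestParameters": {"bucketName": "new-backups"}},
    {"eventVersion": "1.0", "eventTime": "2013-11-13T12:10:00Z",
     "eventSource": "ec2.amazonaws.com", "eventName": "RunInstances",
     "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "principalId": "AIDAEXAMPLE1",
                      "arn": "arn:aws:iam::123456789012:user/alice",
                      "accountId": "123456789012", "userName": "alice"},
     "requestParameters": {"instanceType": "t1.micro"},
     "responseElements": {"instancesSet": {"items": [{"instanceId": "i-0example1"}]}}},
]})


def load_records(log_text: str) -> list:
    """Parse one CloudTrail log file: a JSON object whose 'Records' array holds the calls."""
    return json.loads(log_text).get("Records", [])


def identity_label(identity: dict) -> str:
    """Reduce a userIdentity block to a short 'who' label, per identity type."""
    kind = identity.get("type")
    if kind == "IAMUser":
        return "user/" + identity.get("userName", identity.get("principalId", "?"))
    if kind == "AssumedRole":
        # The role comes from sessionContext; the session name is the last ARN segment.
        issuer = identity.get("sessionContext", {}).get("sessionIssuer", {})
        session = identity.get("arn", "").rsplit("/", 1)[-1]
        return "role/%s (session %s)" % (issuer.get("userName", "?"), session)
    if kind == "Root":
        return "root/" + identity.get("accountId", "?")
    return "%s/%s" % (kind, identity.get("arn", "?"))


# Assumption of this example: bucket-level changes are S3 calls with a mutating verb,
# a bucketName and no object key (object calls such as GetObject/PutObject carry a key).
MUTATING_PREFIXES = ("Put", "Delete", "Create")


def is_bucket_level_change(record: dict) -> bool:
    params = record.get("requestParameters") or {}
    return (record.get("eventSource") == "s3.amazonaws.com"
            and record.get("eventName", "").startswith(MUTATING_PREFIXES)
            and "bucketName" in params and "key" not in params)


def bucket_level_changes(records: list) -> list:
    """Every bucket-level change with the identity, time and source IP behind it."""
    return [{"time": r["eventTime"], "who": identity_label(r["userIdentity"]),
             "action": r["eventName"], "bucket": r["requestParameters"]["bucketName"],
             "source_ip": r.get("sourceIPAddress", "?")}
            for r in records if is_bucket_level_change(r)]


def instance_launches(records: list) -> list:
    """Who launched which EC2 instances; instance ids are in responseElements."""
    out = []
    for r in records:
        if r.get("eventSource") == "ec2.amazonaws.com" and r.get("eventName") == "RunInstances":
            items = ((r.get("responseElements") or {}).get("instancesSet") or {}).get("items", [])
            out.append({"time": r["eventTime"], "who": identity_label(r["userIdentity"]),
                        "instances": [i.get("instanceId") for i in items]})
    return out


def changes_by_identity(changes: list) -> dict:
    """Group bucket-level changes by the identity that made them."""
    grouped = defaultdict(list)
    for c in changes:
        grouped[c["who"]].append("%s %s" % (c["action"], c["bucket"]))
    return dict(grouped)


if __name__ == "__main__":
    recs = load_records(SAMPLE_LOG_FILE)
    for who, actions in changes_by_identity(bucket_level_changes(recs)).items():
        print(who, "->", ", ".join(actions))
    for launch in instance_launches(recs):
        print(launch["who"], "launched", launch["instances"])
```

On real data the same functions run over each gzip-compressed log file CloudTrail delivers to the bucket; the AssumedRole branch matters in practice because automation usually acts through roles, and without the sessionContext lookup a deletion would be attributed to an opaque session id rather than the role that issued it.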

Answer

Steffen Opel · Apr 8, 2013

Update

AWS has just announced AWS CloudTrail, finally making auditing of API calls available as of today (and for free); see the introductory post AWS CloudTrail - Capture AWS API Activity for details:

Do you have the need to track the API calls for one or more AWS accounts? If so, the new AWS CloudTrail service is for you.

Once enabled, AWS CloudTrail records the calls made to the AWS APIs using the AWS Management Console, the AWS Command Line Interface (CLI), your own applications, and third-party software and publishes the resulting log files to the Amazon S3 bucket of your choice. CloudTrail can also issue a notification to an Amazon SNS topic of your choice each time a file is published. Each call is logged in JSON format for easy parsing and processing.

Please note the following (temporary) constraints:

  • Not all services are covered yet, though the most important ones are included in the initial release already and AWS plans to add support for additional services over time.
  • More importantly, not all regions are supported yet (right now the US East (Northern Virginia), and US West (Oregon) Regions only), though AWS will be adding support for additional Regions as quickly as possible.

Initial Answer

This is a long-standing feature request, but unfortunately AWS does not provide (public) audit trails as of today - the most reasonable way to add this feature would probably be a respective extension to AWS Identity and Access Management (IAM), which is the increasingly ubiquitous authentication and authorization layer for access to AWS resources across all existing (and almost certainly future) Products & Services.

Accordingly, there are a few respective answers provided within the IAM FAQs along these lines: