AWS S3 bucket logs vs AWS cloudtrail

Steve Ritz picture Steve Ritz · Dec 7, 2015 · Viewed 19.5k times · Source

What's the difference between the AWS S3 logs and the AWS CloudTrail? On the doc of CloudTrail I saw this:

CloudTrail adds another dimension to the monitoring capabilities already offered by AWS. It does not change or replace logging features you might already be using.

Answer

James picture James · Dec 7, 2015

CloudTrail tracks API access for infrastructure-changing events, in S3 this means creating, deleting, and modifying bucket (S3 CloudTrail docs). It is very focused on API methods that modify buckets.

S3 Server Access Logging provides web server-style logging of access to the objects in an S3 bucket. This logging is granular to the object, includes read-only operations, and includes non-API access like static web site browsing.