AWS S3 Access Logging for All Buckets
Is it possible to have server access logging enabled for all S3 buckets in an account? While you can configure an S3 bucket to log to itself, according to this document that will result in a loop that will cascade: https://aws.amazon.com/premiumsupport/knowledge-center/s3-server-access-logs-same-bucket/.
Is there some way to tell it not to log actions caused by the access logging action? Should the access log bucket not have access logs enabled for itself? Seems like that'd be leaving a security hole.
I set my S3 access log bucket to send access logs to itself and, as expected, an infinite storm of logs occurred as the access logging seemed to log its own actions. I had hoped that maybe AWS had improved this over the years, but I guess not.
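The two conditions raised in the question, buckets with no access logging and log targets that loop back on themselves, can both be checked from each bucket's logging configuration. The following is an added example, not part of the original post: it audits dictionaries shaped like boto3 `get_bucket_logging` responses and also flags the two-bucket loop (A logs to B, B logs to A), a generalization beyond the single-bucket case described above. The bucket names, the function names and the `sinks` parameter are assumptions made for illustration.

```python
# Added example: audit S3 server access logging for gaps and logging loops.
# Each value mimics a boto3 get_bucket_logging() response; all bucket
# names and configurations below are constructed sample data.
SAMPLE = {
    "app-data": {"LoggingEnabled": {"TargetBucket": "access-logs",
                                    "TargetPrefix": "app-data/"}},
    "access-logs": {"LoggingEnabled": {"TargetBucket": "access-logs",
                                       "TargetPrefix": "self/"}},
    "uploads": {},  # logging never configured
    "logs-a": {"LoggingEnabled": {"TargetBucket": "logs-b", "TargetPrefix": ""}},
    "logs-b": {"LoggingEnabled": {"TargetBucket": "logs-a", "TargetPrefix": ""}},
    "log-sink": {},  # hypothetical dedicated end-of-chain bucket
}


def on_cycle(name, targets):
    """True if following log targets from `name` leads back to `name`."""
    cur, seen = targets.get(name), set()
    while cur is not None and cur not in seen:
        if cur == name:
            return True
        seen.add(cur)
        cur = targets.get(cur)  # None: unlogged, or a bucket not in the input
    return False


def audit_logging(configs, sinks=()):
    """Map each bucket to 'ok', 'loop', 'unlogged' or 'sink'.

    `sinks` names buckets deliberately left without logging so the chain
    of log targets can end; any other bucket without logging is a gap.
    """
    targets = {name: (resp.get("LoggingEnabled") or {}).get("TargetBucket")
               for name, resp in configs.items()}
    report = {}
    for name, target in targets.items():
        if target is None:
            report[name] = "sink" if name in sinks else "unlogged"
        elif on_cycle(name, targets):
            report[name] = "loop"
        else:
            report[name] = "ok"
    return report


if __name__ == "__main__":
    for bucket, status in sorted(audit_logging(SAMPLE, sinks=("log-sink",)).items()):
        print(f"{bucket:12} {status}")
```

Against a live account, the input dictionary would be built by calling `get_bucket_logging` for every name returned by `list_buckets`.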
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
