'Generating s3 access logs using AWS SDK

Problem Statement:

We have a number of s3 buckets, some of which includes PII. As part of our internal audit procedure, we need to generate a daily report outlining who has accessed these buckets if any.

Constraints:

  • This needs be done through AWS SDK (in whatever language possible)
  • important: All of our staff use AWS SSO to access the buckets

I think one solution could be enabling the access logs for these buckets and parse out the logs but I was wondering if that's a good idea or someone has a better solution in mind. Thanks!

aws-sdkauditaws-sdk-jsaws-sso


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions

Choose Amazon S3 storage class using Laravel Filesystem

Amazon AWS S3 to Force Download Mp3 File instead of Stream It

Why my cloudformation template is over 1 MB?

MemoryError zipfile in memory

Determine if an object exists in a S3 bucket based on wildcard

Trouble setting cache-cotrol header for Amazon S3 key using boto

Trouble setting cache-cotrol header for Amazon S3 key using boto

Connect Thumbor with AWS - s3

Logging to Amazon S3

Why is my access denied on s3 (using the aws-sdk for Node.js)?

Alluxio on kubernetes(EKS) supports s3 connection without aws accessKey and secretKey? Is the s3 connection configurable with role arn alone?

Uploading image to amazon s3 using multer-s3 nodejs

Reading file from s3 in pyspark using org.apache.hadoop:hadoop-aws

Load data from S3 into Aurora Serverless using AWS Glue

Apache Iceberg table format to ADLS / azure data lake