nishant angaria

Reputation: 11

How to make CloudTrail log files publicly readable

CloudTrail keeps all its log files in an S3 bucket. The bucket's Permission: Object Access is set to "Read" for Everyone. When you click on the bucket and reach the point where you see your log file, then we see the file's Permission: Object Access is not set to read or write by Everyone.

Upvotes: 1

Views: 54

Answers (1)

John Rotenstein

Reputation: 269470

You will need to create an Amazon S3 bucket policy. For example:

{
  "Version":"2012-10-17",
  "Statement":[
    {
      "Sid":"AddPerm",
      "Effect":"Allow",
      "Principal": "*",
      "Action":["s3:GetObject"],
      "Resource":["arn:aws:s3:::cloudtrail-bucket/logs/*"]
    }
  ]
}

However, making your CloudTrail logs fully public is not wise from a security viewpoint, because people could obtain information about your account that they could use to compromise security (e.g., instances launched, data stored, usernames). You really should only provide access to authorized users.

Upvotes: 2
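As an added example (not part of the original answer), the following check flags bucket policy statements that grant object reads to everyone, and runs it over the policy from the answer and over a constructed variant scoped to a single IAM role. The account ID `111122223333`, the role name `LogAuditor`, the `Sid` `AuditorsOnly` and the function names are assumptions made for illustration.

```python
import json
from fnmatch import fnmatchcase

# Policy from the answer above (bucket name and prefix as given there).
PUBLIC_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "AddPerm", "Effect": "Allow", "Principal": "*",
    "Action": ["s3:GetObject"],
    "Resource": ["arn:aws:s3:::cloudtrail-bucket/logs/*"]
  }]
}""")

# Constructed alternative: the same grant, limited to one IAM role.
# Account ID 111122223333 and role name LogAuditor are placeholders.
SCOPED_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "AuditorsOnly", "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:role/LogAuditor"},
    "Action": ["s3:GetObject"],
    "Resource": ["arn:aws:s3:::cloudtrail-bucket/logs/*"]
  }]
}""")

def _as_list(value):
    """IAM policies allow a bare value wherever a list is accepted."""
    return value if isinstance(value, list) else [value]

def _is_anonymous(principal):
    """True for "*" or for a principal map with "*" among its values."""
    values = principal.values() if isinstance(principal, dict) else [principal]
    return any("*" in _as_list(v) for v in values)

def public_read_statements(policy, action="s3:GetObject"):
    """Return (sid, has_condition) for each Allow statement granting `action`
    to everyone. A Condition may narrow the grant, so it is reported."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _is_anonymous(stmt.get("Principal")):
            continue
        # Action names are case-insensitive and may contain * wildcards.
        patterns = _as_list(stmt.get("Action", []))
        if any(fnmatchcase(action.lower(), p.lower()) for p in patterns):
            findings.append((stmt.get("Sid"), "Condition" in stmt))
    return findings

if __name__ == "__main__":
    print("public:", public_read_statements(PUBLIC_POLICY))
    print("scoped:", public_read_statements(SCOPED_POLICY))
```

A finding with `has_condition` set to `True` still needs manual review, since the check does not evaluate whether the condition actually restricts access.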
