BharathKumarMurugan

Reputation: 417

How to get list of users who are accessing the objects in S3 Buckets?

Scenario: My client has 80+ S3 buckets and 1000+ applications running in their AWS account. I want to get the list of IAM users/roles who are accessing the objects in all the S3 buckets.

Method 1: Initially I tried to fetch it from CloudTrail Event History, but no luck. [Screenshot of CloudTrail Event History omitted] From the above image, you can see CloudTrail is not capturing object-level activity.

Method 2: I created a CloudTrail trail to log the activities. But it captures all management-level activities happening throughout the account, which makes it hard for me to find the S3 logs alone (I already mentioned that there are 80+ buckets & 1000+ applications in the account).

Method 3: S3 server access logging: If I enable this option, it creates a log entry for every action happening to the objects (that is, when I attempt to read a log file, it creates another log; it keeps on doubling the count of logs).

If anyone has a solution to find the list of IAM users/roles who are accessing the S3 bucket objects in an effective way, please help me.

Thanks in advance.

Upvotes: 1

Views: 2093

Answers (1)

1efty

Reputation: 925

  1. For each bucket, configure object-level logging.
  2. Once that is complete, you can use the CloudTrail API to filter events and extract IAM identities making the requests.

# Quote the JMESPath expression so the shell does not treat [*] as a glob
aws cloudtrail lookup-events --lookup-attributes AttributeKey=ResourceType,AttributeValue=AWS::S3::Object --query 'Events[*].Username'

Upvotes: 4
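Once object-level (data event) logging is delivering CloudTrail log files, the noise the asker describes in Method 2 can be cut down by reading those files and keeping only S3 object operations, then grouping the calling identities per bucket. The following is an added example, not code from the question, the answer or AWS: it parses records in the shape of a CloudTrail log file's `Records` array and resolves each `userIdentity` to a stable principal (the role ARN rather than the per-session assumed-role ARN). The account ID, bucket names, ARNs and keys in the sample are constructed placeholders; the function and parameter names are this example's own.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of a CloudTrail log file ("Records" array).
# Account ID 111122223333, bucket names, keys and ARNs are placeholders.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "userIdentity": {"type": "IAMUser", "userName": "alice",
                      "arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"bucketName": "example-bucket-a", "key": "reports/q1.csv"}},
    {"eventSource": "s3.amazonaws.com", "eventName": "PutObject",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/AppRole/i-0abc123",
                      "sessionContext": {"sessionIssuer": {
                          "type": "Role", "userName": "AppRole",
                          "arn": "arn:aws:iam::111122223333:role/AppRole"}}},
     "requestParameters": {"bucketName": "example-bucket-a", "key": "uploads/x.bin"}},
    # Account-level S3 management event: no bucket, no key, so it is dropped.
    {"eventSource": "s3.amazonaws.com", "eventName": "ListBuckets",
     "userIdentity": {"type": "IAMUser", "userName": "bob",
                      "arn": "arn:aws:iam::111122223333:user/bob"},
     "requestParameters": None},
    # Non-S3 management event: dropped by the eventSource filter.
    {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
     "userIdentity": {"type": "IAMUser", "userName": "bob",
                      "arn": "arn:aws:iam::111122223333:user/bob"},
     "requestParameters": {}},
    # Service principal writing into the bucket; excluded unless asked for.
    {"eventSource": "s3.amazonaws.com", "eventName": "PutObject",
     "userIdentity": {"type": "AWSService", "invokedBy": "cloudtrail.amazonaws.com"},
     "requestParameters": {"bucketName": "example-bucket-b", "key": "AWSLogs/111122223333/x.json.gz"}},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "userIdentity": {"type": "Root", "accountId": "111122223333",
                      "arn": "arn:aws:iam::111122223333:root"},
     "requestParameters": {"bucketName": "example-bucket-b", "key": "secret.txt"}},
    {"eventSource": "s3.amazonaws.com", "eventName": "DeleteObject",
     "userIdentity": {"type": "IAMUser", "userName": "alice",
                      "arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"bucketName": "example-bucket-b", "key": "old/report.csv"}},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "userIdentity": {"type": "IAMUser", "userName": "alice",
                      "arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"bucketName": "example-bucket-b", "key": "current/report.csv"}},
]})


def load_records(log_text):
    """Return the Records array of one CloudTrail log file (JSON text)."""
    return json.loads(log_text).get("Records", [])


def principal_of(user_identity):
    """Collapse a userIdentity block to the IAM principal a reviewer cares about.

    AssumedRole sessions are reported as the issuing role ARN, so many
    sessions of one role (e.g. one per EC2 instance) count as one identity.
    """
    kind = user_identity.get("type")
    if kind == "AssumedRole":
        issuer = user_identity.get("sessionContext", {}).get("sessionIssuer", {})
        return issuer.get("arn") or user_identity.get("arn")
    if kind == "AWSService":
        return "service:" + user_identity.get("invokedBy", "unknown")
    return user_identity.get("arn") or user_identity.get("userName") or str(kind)


def s3_object_access(records, include_services=False):
    """Map bucket -> principal -> sorted list of object-level S3 event names.

    Only records from s3.amazonaws.com whose requestParameters name both a
    bucket and an object key are kept, which excludes bucket- and
    account-level management calls such as ListBuckets or GetBucketPolicy.
    """
    access = defaultdict(lambda: defaultdict(set))
    for rec in records:
        if rec.get("eventSource") != "s3.amazonaws.com":
            continue
        params = rec.get("requestParameters") or {}
        bucket, key = params.get("bucketName"), params.get("key")
        if not bucket or key is None:
            continue
        identity = rec.get("userIdentity", {})
        if identity.get("type") == "AWSService" and not include_services:
            continue
        access[bucket][principal_of(identity)].add(rec.get("eventName", "?"))
    return {b: {p: sorted(ev) for p, ev in sorted(ps.items())}
            for b, ps in sorted(access.items())}


if __name__ == "__main__":
    print(json.dumps(s3_object_access(load_records(SAMPLE_LOG)), indent=2))
```

In practice the same function would be run over every gzipped log file CloudTrail delivers for the trail (or over the output of an Athena query on those files), and the per-bucket result is exactly the "who touches which bucket" list the question asks for, with the application roles appearing once each instead of once per session.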
