Skip to main content


Ensure the S3 bucket has access logging enabled


With Access logging enabled, the S3 bucket records requests in the access logs. Access log information is useful in security investigations and for audit purposes. It is good practice to review bucket objects and enable server access logging as appropriate.


Perform the following to enable server access logging:

  1. Sign in to the AWS Management Console.
  2. Select Services.
  3. Select S3.
  4. Select an S3 bucket.
  5. Select Properties.
  6. Select Edit at Server access logging.
  7. Check Enable logging.
  8. Enter the name of the target bucket with optional prefix, format: s3://bucket/prefix.
  9. Click Save changes.
  10. Repeat steps 4-9 for each bucket that requires access logging enabled.