Enable Server-Side Logging on S3 Buckets Using AWS Config Rules

Enable Server-Side Logging on S3 Buckets Using AWS Config Rules

Clock Icon2024.07.02

Introduction

Hello, this is Hemanth from the Alliance Department. In this blog, I will demonstrate how to Enable Server Side Logging on S3 Bucket by using AWS Config to Impose Rules. The aim this time is to enhance your understanding of AWS Config, S3, and how to automate compliance and logging.

AWS

Is a secure cloud service platform that offers compute power, database storage, content delivery, network, and other functionality to help businesses scale and grow. It is one of the first cloud vendors to start services in the year 2006. It offers all the 3 service models namely IAAS, PAAS, and SAAS. Some of the notable domains in AWS are Compute, Migration, Storage, Network and Content Delivery, Management Tools, Database, Messaging, Security and Identity Compliance, and many more.

Systems Manager

The all-inclusive management service AWS Systems Manager is meant to give you insight and control over your AWS infrastructure. It streamlines administrative duties like monitoring, system configuration, resource management, and application deployment. Systems Manager collects information from several AWS services to assist you in keeping your resources operating and compliant.

AWS Config

AWS Config is a service that keeps track of and logs how AWS resources are configured. It also offers compliance checks and a history view. It makes use of Conformance Packs for standardized compliance and Config Rules to compare resource settings to intended rules. To guarantee that your resources adhere to legal standards and best practices, AWS Config additionally provides real-time monitoring and repair options. It improves visibility, compliance, and operational efficiency while supporting an extensive array of AWS services.

Demo

Create an S3 Bucket

Open the AWS Management Console and search for S3. Click on Create Bucket.
Screenshot 2024-07-02 at 17.27.47
Provide a unique bucket name and ensure that ACLs are turned on.
Screenshot 2024-07-02 at 17.46.53
Leave other settings as default and click on Create Bucket.
Screenshot 2024-07-02 at 17.47.06

Configure Bucket Permissions

Inside the bucket, go to the Permissions tab and edit the Access Control List (ACL).
Screenshot 2024-07-02 at 17.48.28
Tick the Log Delivery group checkbox and click Save.
Screenshot 2024-07-02 at 17.49.31

Set Up AWS Config Rule

Go to the AWS Management Console, search for Config and click on Rules.
Screenshot 2024-07-02 at 17.50.52
Click on Add Rule.
Screenshot 2024-07-02 at 17.51.25
Select AWS Managed Rule and search for s3-bucket-logging-enabled and click next.
Screenshot 2024-07-02 at 17.52.15
Enter the bucket name and prefix in the Parameters section, and then add others as below.
Screenshot 2024-07-02 at 17.58.02
Rule has been created.
Screenshot 2024-07-02 at 18.00.18
After a few minutes, check the rule to see the compliance status of your buckets.
Screenshot 2024-07-02 at 18.01.38
Screenshot 2024-07-02 at 18.02.04

Automate Logging with AWS Systems Manager

In the console, search for Systems Manager and navigate to Automation.
Screenshot 2024-07-02 at 18.05.44
Click Execute Automation.
Screenshot 2024-07-02 at 18.06.18
Search for AWS-ConfigureS3BucketLogging, select and click next
Screenshot 2024-07-02 at 18.24.43
In Input parameters, provide the parameters such as bucket name, permissions, grantee type, and target bucket and others as below
Screenshot 2024-07-02 at 18.27.41
Click Execute.
Screenshot 2024-07-02 at 18.28.16
Screenshot 2024-07-02 at 18.31.09
Verify the server access logging is enabled by checking the S3 bucket properties.
Screenshot 2024-07-02 at 18.32.12
Screenshot 2024-07-02 at 18.32.27
Return to AWS Config to confirm the bucket is now compliant.
Screenshot 2024-07-02 at 18.33.22
Screenshot 2024-07-02 at 18.33.37

Conclusion

These instructions will allow you to use AWS Config to enforce this setup and successfully enable server-side logging on your S3 buckets. This automation improves visibility and security for your S3 resources while also guaranteeing compliance. Keeping your AWS environment compliant and operationally efficient can be achieved by integrating AWS Config and Systems Manager into your workflow.

Share this article

facebook logohatena logotwitter logo

© Classmethod, Inc. All rights reserved.