This question already has an answer here:
How to find out who uploaded data in S3 bucket
(1 answer)
Closed 2 years ago.
Is there anyway I can find out that who upload files in S3 bucket when fetching files using Javascript API (listObjectsV2).
In short, no. The listObjectsV2 API method doesn't expose this information.
API requests made to S3 can be logged using CloudTrail.
CloudTrail is able to capture events at the Management plane (i.e. changes to Bucket Properties) or at the Data plane (Object level events).
In order to find out who uploaded a file to S3 (s3:PutObject action) you would need to do the following:
Ensure CloudTrail data events are enabled and configured to capture data events for the bucket in question
Ensure your IAM user/role is authorised to query this data (from wherever you store it, usually another S3 bucket)
There is more information on how this can be achieved in the AWS docs. The following two links are quite helpful:
Logging Amazon S3 API calls using AWS CloudTrail
How do I enable object-level logging for an S3 bucket with AWS CloudTrail data events?
Related
I want to know how many times a object retrieved from a aws s3 bucket. When we use aws CloudFront, we can use cloudFront popular objects report. How can i get similar report for s3
Download metrics for individual S3 objects are not readily available, afaik.
You could derive them from one of:
Amazon S3 access logs
CloudTrail logs
I wish to trigger an AWS lambda function I upload a file to a specific folder in S3. There are multiple folders in the s3 bucket now. Is this possible and how do i do so?
Yes, you can Configure Amazon S3 event notifications, filtering on object key prefixes (and/or suffixes).
See Configuring notifications with object key name filtering. A prefix could be dogs/, for example. That way, all uploads to a key beginning with dogs/, e.g. dogs/alsatian.png would notify.
Note that you probably don't actually have any folders in your S3 bucket, just objects, unless you created them using the AWS Console. There really aren't any folders in S3.
Which is the best way to find out who deleted files in AWS S3 bucket?
I am working on AWS S3 Bucket. Going through the AWS docs and haven't found the best way to monitor S3 buckets so thought of checking if anyone can help me here.
For monitoring S3 object operations, such as DeleteObject, you have to enable CloudTrail with S3 data events:
How do I enable object-level logging for an S3 bucket with AWS CloudTrail data events?
Examples: Logging Data Events for Amazon S3 Objects
However, the trials don't work retrospectively. Thus, you have to check if you have such trial enabled in CloudTrail console. If not, then you can create one to monitor any future S3 object level activities for all, or selected, buckets.
To reduce the impact of accidental deletions you can enable object version. And to fully protect against that for important objects, you can use MFA delete.
You can check S3 access logs or CloudTrail to check who deleted files from your S3 bucket. More information here - https://aws.amazon.com/premiumsupport/knowledge-center/s3-audit-deleted-missing-objects/
I'm looking for a way to log when data is copied from my S3 bucket. Most importantly, which file(s) were copied and when. If I had my way, I'd like by who and where but I don't want to get ahead of myself.
A couple of options:
Server Access Logging provides detailed records for the requests that are made to an S3 bucket
AWS CloudTrail captures a subset of API calls for Amazon S3 as events, including calls from the Amazon S3 console and from code calls to the Amazon S3 APIs
What is the easiest way to get the user/role used to update/upload an object to S3?
I object is still in the bucket. Just want to know who did it.
tried CLI didn't find anything. CloudTrail could be an option as well I guess.
The easiest way would be to enable S3 server access logging:
AWS Console -> S3 -> Choose your bucket -> Properties -> Choose target bucket (where wou want your logs to be stored) -> Save
Each request is saved as one row in logs. It's not just for get requests, it's for all types of requests.
In logs, you would look for Requester:
The canonical user ID of the requester, or a - for unauthenticated requests. If the requester was an IAM user, this field returns the requester's IAM user name along with the AWS root account that the IAM user belongs to. This identifier is the same one used for access control purposes.
You can see more details in official documentation:
https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerLogs.html
From Logging Amazon S3 API Calls by Using AWS CloudTrail - Amazon Simple Storage Service:
Amazon S3 is integrated with AWS CloudTrail, a service that provides a record of actions taken by a user, role, or an AWS service in Amazon S3. CloudTrail captures a subset of API calls for Amazon S3 as events, including calls from the Amazon S3 console and from code calls to the Amazon S3 APIs.