Logs for actions on amazon s3 / other AWS services

I am trying to see which user was responsible for changes in S3 (at buckets level). I could not find a audit trail for actions done at S3 bucket level or EC2 who created instances. Beanstalk has a log of the actions the machine performed, but not which user.

Is there a way around AWS that we can see this information in IAM or any other location ?

P.S: I am not interested to know about S3 log buckets which provide access logs

Answers 1

  • Update

    AWS has just announced AWS CloudTrail, finally making auditing API calls available as of today (and for free), see the introductory post AWS CloudTrail - Capture AWS API Activity for details:

    Do you have the need to track the API calls for one or more AWS accounts? If so, the new AWS CloudTrail service is for you.

    Once enabled, AWS CloudTrail records the calls made to the AWS APIs using the AWS Management Console, the AWS Command Line Interface (CLI), your own applications, and third-party software and publishes the resulting log files to the Amazon S3 bucket of your choice. CloudTrail can also issue a notification to an Amazon SNS topic of your choice each time a file is published. Each call is logged in JSON format for easy parsing and processing.

    Please note the following (temporary) constraints:

    • Not all services are covered yet, though the most important ones are included in the initial release already and AWS plans to add support for additional services over time.
    • More importantly, not all regions are supported yet (right now the US East (Northern Virginia), and US West (Oregon) Regions only), though AWS will be adding support for additional Regions as quickly as possible.

    Initial Answer

    This is a long standing feature request, but unfortunately AWS does not provide (public) audit trails as of today - the most reasonable way to add this feature would probably be a respective extension to AWS Identity and Access Management (IAM), which is the increasingly ubiquitous authentication and authorization layer for access to AWS resources across all existing (and almost certainly future) Products & Services.

    Accordingly there are a few respective answers provided within the IAM FAQs along these lines:

Related Articles