Introduction

Hello, this is Hemanth from the Alliance Department. In this blog, I will demonstrate how to Enable Server Side Logging on S3 Bucket by using AWS Config to Impose Rules. The aim this time is to enhance your understanding of AWS Config, S3, and how to automate compliance and logging.

AWS

Is a secure cloud service platform that offers compute power, database storage, content delivery, network, and other functionality to help businesses scale and grow. It is one of the first cloud vendors to start services in the year 2006. It offers all the 3 service models namely IAAS, PAAS, and SAAS. Some of the notable domains in AWS are Compute, Migration, Storage, Network and Content Delivery, Management Tools, Database, Messaging, Security and Identity Compliance, and many more.

Systems Manager

The all-inclusive management service AWS Systems Manager is meant to give you insight and control over your AWS infrastructure. It streamlines administrative duties like monitoring, system configuration, resource management, and application deployment. Systems Manager collects information from several AWS services to assist you in keeping your resources operating and compliant.

AWS Config

AWS Config is a service that keeps track of and logs how AWS resources are configured. It also offers compliance checks and a history view. It makes use of Conformance Packs for standardized compliance and Config Rules to compare resource settings to intended rules. To guarantee that your resources adhere to legal standards and best practices, AWS Config additionally provides real-time monitoring and repair options. It improves visibility, compliance, and operational efficiency while supporting an extensive array of AWS services.

Demo

Create an S3 Bucket

Open the AWS Management Console and search for S3. Click on Create Bucket.

Provide a unique bucket name and ensure that ACLs are turned on.

Leave other settings as default and click on Create Bucket.

Configure Bucket Permissions

Inside the bucket, go to the Permissions tab and edit the Access Control List (ACL).

Tick the Log Delivery group checkbox and click Save.

Set Up AWS Config Rule

Go to the AWS Management Console, search for Config and click on Rules.

Click on Add Rule.

Select AWS Managed Rule and search for s3-bucket-logging-enabled and click next.

Enter the bucket name and prefix in the Parameters section, and then add others as below.

Rule has been created.

After a few minutes, check the rule to see the compliance status of your buckets.

Automate Logging with AWS Systems Manager

In the console, search for Systems Manager and navigate to Automation.

Click Execute Automation.

Search for AWS-ConfigureS3BucketLogging, select and click next

In Input parameters, provide the parameters such as bucket name, permissions, grantee type, and target bucket and others as below

Click Execute.


Verify the server access logging is enabled by checking the S3 bucket properties.


Return to AWS Config to confirm the bucket is now compliant.

Conclusion

These instructions will allow you to use AWS Config to enforce this setup and successfully enable server-side logging on your S3 buckets. This automation improves visibility and security for your S3 resources while also guaranteeing compliance. Keeping your AWS environment compliant and operationally efficient can be achieved by integrating AWS Config and Systems Manager into your workflow.