1
00:00:00,610 --> 00:00:01,730
Okay, so now let's talk

2
00:00:01,730 --> 00:00:03,950
about Amazon S3 Access Logs.

3
00:00:03,950 --> 00:00:06,130
So say that for audit purposes,

4
00:00:06,130 --> 00:00:09,810
you want to log all the access into your S3 buckets.

5
00:00:09,810 --> 00:00:12,380
So that means that any request that is done to Amazon S3

6
00:00:12,380 --> 00:00:15,140
from any account, authorized or denied,

7
00:00:15,140 --> 00:00:17,400
you want it to be logged into another S3 bucket

8
00:00:17,400 --> 00:00:19,110
so you can analyze it later.

9
00:00:19,110 --> 00:00:20,180
So you can analyze it, for example,

10
00:00:20,180 --> 00:00:21,780
using a data analysis tool

11
00:00:21,780 --> 00:00:25,460
or something we'll see in this section called Amazon Athena.

12
00:00:25,460 --> 00:00:27,290
So here is the idea with a diagram.

13
00:00:27,290 --> 00:00:28,960
We make requests into a bucket

14
00:00:28,960 --> 00:00:31,450
and that bucket has been enabled for logging

15
00:00:31,450 --> 00:00:33,750
into another bucket or logging bucket.

16
00:00:33,750 --> 00:00:35,420
And so all the requests,

17
00:00:35,420 --> 00:00:37,330
once we've enabled the S3 Access Logs,

18
00:00:37,330 --> 00:00:39,650
will log all the requests into the logging bucket.

19
00:00:39,650 --> 00:00:41,710
It's very, very easy, very, very simple.

20
00:00:41,710 --> 00:00:44,050
And the log format is defined here.

21
00:00:44,050 --> 00:00:46,700
So if you're interested in how we can read this log,

22
00:00:46,700 --> 00:00:49,020
just click on this link, okay.

23
00:00:49,020 --> 00:00:51,780
Now, something you should know about these logging buckets

24
00:00:51,780 --> 00:00:53,940
that is pretty, pretty natural,

25
00:00:53,940 --> 00:00:55,590
but you need to know about it once.

26
00:00:55,590 --> 00:00:59,050
So never, never, ever set your logging bucket

27
00:00:59,050 --> 00:01:01,540
to be the bucket you are monitoring.

28
00:01:01,540 --> 00:01:03,257
Otherwise, if you set the logging bucket

29
00:01:03,257 --> 00:01:05,890
and the monitoring bucket to be exactly the same,

30
00:01:05,890 --> 00:01:07,830
then it will create a logging loop

31
00:01:07,830 --> 00:01:11,090
and your bucket will grow in size exponentially.

32
00:01:11,090 --> 00:01:13,030
See how it's very simple to represent it?

33
00:01:13,030 --> 00:01:14,180
So say we have a bucket,

34
00:01:14,180 --> 00:01:15,960
it happens to be our application bucket

35
00:01:15,960 --> 00:01:19,400
and also the bucket that is going to receive all the logs.

36
00:01:19,400 --> 00:01:22,600
And so therefore, whenever a user puts an object,

37
00:01:22,600 --> 00:01:25,500
the bucket is going to log inside of itself,

38
00:01:25,500 --> 00:01:26,780
create a logging loop,

39
00:01:26,780 --> 00:01:28,480
and they will create a new object

40
00:01:28,480 --> 00:01:31,307
that will be logged in a new object that will be logged

41
00:01:31,307 --> 00:01:33,010
and so it creates an infinite logging loop

42
00:01:33,010 --> 00:01:34,100
and so that's why your bucket

43
00:01:34,100 --> 00:01:36,060
will grow in size exponentially.

44
00:01:36,060 --> 00:01:38,830
So my advice to you is do not try this at home.

45
00:01:38,830 --> 00:01:41,620
This will end up in a huge AWS bill

46
00:01:41,620 --> 00:01:42,850
for doing this little mistake.

47
00:01:42,850 --> 00:01:45,380
So always separate your application bucket

48
00:01:45,380 --> 00:01:46,900
and your logging bucket.

49
00:01:46,900 --> 00:01:49,473
Now let's go in the hands-on so you see how this works.