1 00:00:00,520 --> 00:00:01,353 So let's go ahead 2 00:00:01,353 --> 00:00:02,910 and practice S3 access logs. 3 00:00:02,910 --> 00:00:05,290 And for this, I'm going to create an S3 access logs 4 00:00:05,290 --> 00:00:08,410 to find V3 buckets. 5 00:00:08,410 --> 00:00:12,620 And then I will go ahead and create that bucket. 6 00:00:12,620 --> 00:00:14,807 So that bucket is going to be our logging bucket, 7 00:00:14,807 --> 00:00:17,380 and I'm going to keep this open here. 8 00:00:17,380 --> 00:00:21,080 And in another tab, I'm going to take one of my buckets 9 00:00:21,080 --> 00:00:26,080 that I've created and then I'm going to enable the logging. 10 00:00:26,130 --> 00:00:27,500 So I just took one bucket, 11 00:00:27,500 --> 00:00:29,800 but whatever bucket you want for you really. 12 00:00:29,800 --> 00:00:32,100 I will go on Properties 13 00:00:32,100 --> 00:00:33,940 and then I will scroll down 14 00:00:33,940 --> 00:00:37,490 and look for "Server access logging." 15 00:00:37,490 --> 00:00:38,890 So we edit it, 16 00:00:38,890 --> 00:00:41,570 and we are going to enable server access logging. 17 00:00:41,570 --> 00:00:43,090 So as we can see when we do so, 18 00:00:43,090 --> 00:00:45,520 the bucket policy will be updated 19 00:00:45,520 --> 00:00:48,350 in the target buckets, okay? 20 00:00:48,350 --> 00:00:49,510 So where we want to log. 21 00:00:49,510 --> 00:00:52,870 So for the target bucket, we're going to browse Amazon S3 22 00:00:52,870 --> 00:00:57,100 and then we choose the S3 access logs to find V3 buckets. 23 00:00:57,100 --> 00:00:59,080 I save the change 24 00:00:59,080 --> 00:01:04,080 and now my S3 server access logging is enabled. 25 00:01:04,840 --> 00:01:06,990 So now what I can do is I can go to my objects, 26 00:01:06,990 --> 00:01:09,030 I can click on this one, 27 00:01:09,030 --> 00:01:12,180 I can maybe open it back into my bucket, 28 00:01:12,180 --> 00:01:14,510 I can go in it and I can upload a file. 29 00:01:14,510 --> 00:01:17,700 So add a file and it'll be for example, my beach.jpg. 30 00:01:17,700 --> 00:01:20,550 So you can do a lot of things in your bucket, 31 00:01:20,550 --> 00:01:23,980 and all of this is going generate activity. 32 00:01:23,980 --> 00:01:26,440 And this activity is going to be logged 33 00:01:26,440 --> 00:01:28,630 into your logging buckets. 34 00:01:28,630 --> 00:01:31,600 Now, if I refresh, as you can see, nothing happens yet. 35 00:01:31,600 --> 00:01:33,620 That's because it takes a little bit of time 36 00:01:33,620 --> 00:01:38,260 for your access logs to go into your logging buckets. 37 00:01:38,260 --> 00:01:39,760 But what we can do in the meantime 38 00:01:39,760 --> 00:01:41,690 is have a look at the permissions. 39 00:01:41,690 --> 00:01:45,940 Because when we enabled the server bucket, 40 00:01:45,940 --> 00:01:48,760 so when we're right here, the server access logging, 41 00:01:48,760 --> 00:01:50,020 when we enabled it, 42 00:01:50,020 --> 00:01:53,200 it was saying that the bucket policy will be updated. 43 00:01:53,200 --> 00:01:54,130 So let's verify that. 44 00:01:54,130 --> 00:01:57,530 We can scroll down and we have the bucket policy right here. 45 00:01:57,530 --> 00:02:01,800 And indeed, yes, the bucket policy was updated 46 00:02:01,800 --> 00:02:05,160 to allow the logging service of Amazon S3 47 00:02:05,160 --> 00:02:09,009 to put objects into these buckets. 48 00:02:09,009 --> 00:02:10,110 So this is pretty good. 49 00:02:10,110 --> 00:02:12,250 So now what we have to do 50 00:02:12,250 --> 00:02:13,750 is go back into our buckets 51 00:02:13,750 --> 00:02:16,440 and wait for the first logs to be sent. 52 00:02:16,440 --> 00:02:18,730 So it took a couple of hours, but I just refreshed, 53 00:02:18,730 --> 00:02:22,350 and in my bucket, I see a lot of files now, objects, 54 00:02:22,350 --> 00:02:25,760 and these have been created directly for my access log. 55 00:02:25,760 --> 00:02:29,460 So I can click on one of them and I can open it for example. 56 00:02:29,460 --> 00:02:32,050 And in here, I'm able to see, well, what happened? 57 00:02:32,050 --> 00:02:34,500 And this is quite hard to decipher, okay? 58 00:02:34,500 --> 00:02:37,450 But it gives you the API call, the success rate, 59 00:02:37,450 --> 00:02:39,910 who accessed it, what bucket it was, 60 00:02:39,910 --> 00:02:42,780 at what time and the lot of information. 61 00:02:42,780 --> 00:02:46,060 So, okay, that's for S3 access logs. 62 00:02:46,060 --> 00:02:49,060 I hope you liked it, and I will see you in the next lecture.