S3 Server Access Logging can be setup for the S3 bucket in which your data will be stored (this bucket is of the form
<installation_name>.datacoral). While this bucket is in your AWS account and is completely under your control, setting up these logs will provided detailed records on every request made to this bucket, which is useful for auditing purposes.
Using the AWS Console
Following the instructions here to setup S3 access logs for your data bucket that was created by Datacoral.
Using the AWS CLI
First, create a new bucket in which to save the S3 Access Logs. Ideally, this S3 Bucket will have been configured to not allow any deletes and should be in a separate AWS account.
Next, run the following commands to grant S3 permissions on this audit logs bucket using the
Finally, run the following command to apply the logging policy on the data bucket created by Datacoral.
Here, the file
logging.json contains information about the S3 bucket in which to save the audit logs and under which prefix to save the logs. It looks like the following: