Once logging is enabled for a bucket, available log records are aggregated into log files and delivered to you via an Amazon S3 bucket of your choosing on an hourly basis.
Using Qloudstat
Choose to Edit a configuration. On the edit page you can toggle access log delivery using the Enable Logging button. Note that your changes are applied instantaneously.
Using Cyberduck
Follow the instructions on the Cyberduck Help Wiki to enable bucket logging and choose a target bucket for access logs. Cyberduck also provides a convenient feature to add an IAM user to your AWS account that Qloudstat can use to read your access logs.
Using the AWS Console
Log into the AWS Console and choose Properties for the bucket for which you want to configure access log delivery. Set the target bucket and prefix for AWS to deliver log files to.
You can find a fine-grained IAM policy snippet preconfigured with your bucket names when editing your configuration.
Authentication for Qloudstat with IAM Read Only Policy Template
The access key and secret are preferably the credentials of a dedicated IAM user created to give Qloudstat access to your account. Please use the AWS Console to create an IAM user with grants provided to access your log files.
Follow these steps to create a new IAM user:
Authentication for Qloudstat with IAM Custom Policy
Alternatively you can set up a more restrictive custom policy with the following document:
{
  "Statement": [
    {
      "Action": [
        "s3:ListAllMyBuckets",
        "s3:GetBucketLogging",
        "s3:GetBucketLocation"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::*"
    },
    {
      "Action": [
        "s3:ListBucket"
      ],
      "Condition": {
        "Bool": {
          "aws:SecureTransport": "true"
        },
        "StringLike": {
          "s3:prefix": ["*"]
        }
      },
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Action": [
        "s3:GetObject"
      ],
      "Condition": {
        "Bool": {
          "aws:SecureTransport": "true"
        }
      },
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
Replace loggingtargetbucket with the name of your logging target bucket.
More information can be found in the AWS Reference.
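The following check is an added example, not part of Qloudstat's documentation: it flags s3:ListBucket and s3:GetObject statements whose Resource is wider than the logging target bucket, or that lack the aws:SecureTransport condition. The bucket and object ARN forms, the function names and the sample policies (constructed from the two read statements above) are assumptions.

```python
# Placeholder bucket name used on the page; replace with your own.
TARGET_BUCKET = "loggingtargetbucket"
READ_ACTIONS = {"s3:ListBucket", "s3:GetObject"}

def _as_list(value):
    """IAM accepts either a string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)

def _scoped(action, resource, bucket):
    arn = f"arn:aws:s3:::{bucket}"
    if action == "s3:ListBucket":
        return resource == arn               # bucket-level action
    return resource.startswith(arn + "/")    # object-level action

def audit_policy(policy, bucket=TARGET_BUCKET):
    """Return (statement index, issue) pairs for over-broad read grants."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        actions = READ_ACTIONS & set(_as_list(stmt.get("Action", [])))
        if stmt.get("Effect") != "Allow" or not actions:
            continue
        for action in sorted(actions):
            for resource in _as_list(stmt.get("Resource", [])):
                if not _scoped(action, resource, bucket):
                    findings.append((i, f"{action} allowed on {resource}"))
        tls = stmt.get("Condition", {}).get("Bool", {}).get("aws:SecureTransport")
        if str(tls).lower() != "true":
            findings.append((i, "missing aws:SecureTransport condition"))
    return findings

def sample(list_resource, object_resource):
    """Constructed policy with the page's two read statements (abridged)."""
    tls = {"Bool": {"aws:SecureTransport": "true"}}
    return {"Statement": [
        {"Action": ["s3:ListBucket"], "Effect": "Allow",
         "Resource": list_resource, "Condition": tls},
        {"Action": ["s3:GetObject"], "Effect": "Allow",
         "Resource": object_resource, "Condition": tls},
    ]}

AS_PRINTED = sample("*", "*")  # resources as they appear in the policy above
SCOPED = sample(f"arn:aws:s3:::{TARGET_BUCKET}",      # assumed bucket ARN
                f"arn:aws:s3:::{TARGET_BUCKET}/*")    # assumed object ARN

if __name__ == "__main__":
    for name, doc in (("as printed", AS_PRINTED), ("scoped", SCOPED)):
        print(name, audit_policy(doc))
```

Wildcard actions such as s3:* are not expanded by this check, so a statement that grants reads through a wildcard needs a separate review.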
Log files are delivered to the target logging bucket on an hourly basis.
Refer to the list of Dimensions and Metrics
You can find an IAM policy snippet preconfigured with your bucket names when editing your configuration. Add the following statement to your existing IAM policy:
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:DeleteObject",
      "Resource": "arn:aws:s3:::*"
    }
  ]
}