2

Is there a way to see which IAM did a modification on an AWS S3 bucket object (with versioning enabled)?

I know that there is the aws s3api list-object-versions command, but it only shows the owner's DisplayName and ID (owner of the AWS organisation), not the underlying IAM that performed the modification.

"Owner": {
    "DisplayName": "my-username",
    "ID": "7009a8971cd660687538875e7c86c5b672fe116bd438f46db45460ddcd036c32"
}

Thanks in advance for the help.

alexander.polomodov
dimisjim

1 Answer

3

You want to configure CloudTrail. This service monitors calls to the AWS platform and can also monitor S3 API calls, logging the user information you require.

More details here:

Logging Amazon S3 API Calls by Using AWS CloudTrail

Alex Moore
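
The lookup the answer describes, as an added example that is not part of the original answer: once CloudTrail is recording S3 data events for the bucket, each write record names the caller in `userIdentity`, and the version ID lets you join it to the output of `list-object-versions`. The sample records, bucket, key and ARNs are constructed, and reading the version ID from `responseElements["x-amz-version-id"]` is an assumption about the record layout.

```python
import json

# Constructed sample of a CloudTrail log file body with S3 data events; all values are made up.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-05T10:15:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutObject",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"bucketName": "example-bucket", "key": "reports/q1.csv"},
     "responseElements": {"x-amz-version-id": "v1-constructed"}},
    {"eventTime": "2024-01-06T08:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutObject",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/deploy/bob"},
     "requestParameters": {"bucketName": "example-bucket", "key": "reports/q1.csv"},
     "responseElements": {"x-amz-version-id": "v2-constructed"}},
    {"eventTime": "2024-01-06T09:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject",  # read access, not a modification
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/carol"},
     "requestParameters": {"bucketName": "example-bucket", "key": "reports/q1.csv"},
     "responseElements": None},
    {"eventTime": "2024-01-07T12:30:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "DeleteObject",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"bucketName": "example-bucket", "key": "reports/q1.csv"},
     "responseElements": None},
]})

# S3 API calls that create a new version or a delete marker for a single key.
WRITE_EVENTS = {"PutObject", "CopyObject", "CompleteMultipartUpload", "DeleteObject"}

def who_modified(log_text, bucket, key):
    """Return (eventTime, eventName, principal, versionId) for each write to bucket/key."""
    hits = []
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != "s3.amazonaws.com":
            continue
        if rec.get("eventName") not in WRITE_EVENTS:
            continue
        params = rec.get("requestParameters") or {}
        if params.get("bucketName") != bucket or params.get("key") != key:
            continue
        ident = rec.get("userIdentity") or {}
        # Prefer the ARN; fall back to principalId or the identity type if it is absent.
        principal = ident.get("arn") or ident.get("principalId") or ident.get("type", "unknown")
        resp = rec.get("responseElements") or {}  # may be null in the record
        version = resp.get("x-amz-version-id") or params.get("versionId")
        hits.append((rec.get("eventTime"), rec["eventName"], principal, version))
    return sorted(hits, key=lambda h: h[0])
```
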