Cloud trail event logging S3 bucket

Asked Jul 29 '22 at 06:29

Active Jul 29 '22 at 09:18

Viewed 431 times

I want to log the events when I download any file from download folder, if I download file from any other folder say upload then it should not log that event.

I'm using the below code in cloud shell:

aws cloudtrail put-event-selectors --trail-name name \
--advanced-event-selectors \
'[
    {
            "Name": "S3EventSelector",
            "FieldSelectors": [
                { "Field": "eventCategory", "Equals": ["Data"] },
                { "Field": "resources.type", "Equals": ["AWS::S3::Object"] },
                {"Field": "eventName", "Equals":["GetObject"]},          
                { "Field": "resources.ARN", "StartsWith": ["arn:aws:s3:::bucket/"] }
            ]
        }
]'

Here, I'm getting the logs from every folder if I download any file.

edited Jul 29 '22 at 09:18

Ervin Szilagyi

14,274
2
25
40

asked Jul 29 '22 at 06:29

Coding_ninja

try "StartsWith": ["arn:aws:s3:::bucket/folder-you-want-to-log"] – Hùng Nguyễn Jul 29 '22 at 07:07
I cannot do this since I have multiple folders and all of them can have download folder. – Coding_ninja Jul 29 '22 at 07:16
I don't know if wildcard works in this case, but maybe try "arn:aws:s3:::bucket/*/download" ? – Hùng Nguyễn Jul 29 '22 at 08:14
Wildcard didn't help, it logged every event. Can you please help me with another way? – Coding_ninja Jul 29 '22 at 08:33
How come wildcard logged every event? "arn:aws:s3:::bucket/*/download/*" works then event with `arn:aws:s3:::bucket/*/other-folder/*` should not trigger. Please test again. – Hùng Nguyễn Jul 29 '22 at 08:44
Actually it didn't log any event when I used "arn:aws:s3:::bucket/*/download/*" my folder pattern is something like: folder/download/filename, folder/upload/filename – Coding_ninja Jul 29 '22 at 09:12
`StartsWith` can be array so if wildcard doesn't work, you might need to add all the value to it – Hùng Nguyễn Jul 29 '22 at 09:52

Cloud trail event logging S3 bucket

0 Answers0