In a News Blog post for re:Invent 2023, we introduced you to Amazon S3 Express One Zone, a high-performance, single-Availability Zone (AZ) storage class purpose-built to deliver consistent single-digit millisecond data access for your most frequently accessed data and latency-sensitive applications. It's well-suited for demanding applications and is designed to deliver up to 10x better performance than S3 Standard. S3 Express One Zone uses S3 directory buckets to store objects in a single AZ.
Starting today, S3 Express One Zone supports AWS CloudTrail data event logging, allowing you to monitor all object-level operations like PutObject, GetObject, and DeleteObject, in addition to the bucket-level actions like CreateBucket and DeleteBucket that were already supported. This enables auditing for governance and compliance, and can help you take advantage of S3 Express One Zone's 50% lower request costs compared to the S3 Standard storage class.
Using this new capability, you can quickly determine which S3 Express One Zone objects were created, read, updated, or deleted, and identify the source of the API calls. If you detect unauthorized S3 Express One Zone object access, you can take immediate action to restrict access. Additionally, you can use the CloudTrail integration with Amazon EventBridge to create rule-based workflows that are triggered by data events.
Utilizing CloudTrail knowledge occasion logging for Amazon S3 Categorical One Zone
I begin within the Amazon S3 console. Following the steps to create a listing bucket, I create an S3 bucket and select Listing because the bucket sort and apne1-az4
because the Availability Zone. In Base Title, I enter s3express-one-zone-cloudtrail
and a suffix that features Availability Zone ID of the Availability Zone is routinely added to create the ultimate identify. Lastly, I choose the checkbox to acknowledge that Knowledge is saved in a single Availability Zone and select Create bucket.
To enable data event logging for S3 Express One Zone, I go to the CloudTrail console. I enter a name and create the CloudTrail trail responsible for tracking the events of my S3 directory bucket.
In Step 2: Choose log events, I select Data events, with Advanced event selectors are enabled selected.
For Data event type, I choose S3 Express. I can choose Log all events as the Log selector template to capture data events for all S3 directory buckets.
However, I want the trail to log events only for my S3 directory bucket s3express-one-zone-cloudtrail--apne1-az4--x-s3. In this case, I choose Custom as the Log selector template and specify the ARN of my directory bucket. Learn more in the documentation on filtering data events by using advanced event selectors.
Finish up with Step 3: Review and create. Now you have logging with CloudTrail enabled.
CloudTrail data event logging for S3 Express One Zone in action:
Using the S3 console, I upload and download a file to my S3 directory bucket.
Using the AWS CLI, I send Put_Object and Get_Object.
CloudTrail publishes log files to an S3 bucket as gzip archives and organizes them hierarchically based on the bucket name, account ID, Region, and date. Using the AWS CLI, I list the bucket associated with my trail and retrieve the log files for the date on which I did the test.
I get the following four file names, two from the console tests and two from the CLI tests:
Let's search for the PutObject event among these files. When I open the first file, I can see the PutObject event type. If you recall, I just made two uploads, once via the S3 console in a browser and once using the CLI. The userAgent attribute, which records the type of client that made the API call, refers to a browser, so this event corresponds to my upload using the S3 console. Learn more about CloudTrail events in the documentation on understanding CloudTrail events.
Now, when I review the third file for the event corresponding to the PutObject command sent using the AWS CLI, I see that there's a small difference in the userAgent attribute. In this case, it refers to the AWS CLI.
Next, let's look at the GetObject event in the second file. I can see that the event type is GetObject and that the userAgent refers to a browser, so this event corresponds to my download using the S3 console.
And finally, let me show the event in the fourth file, with details of the GetObject command that I sent from the AWS CLI. I can see that the eventName and userAgent are as expected.
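As an added example (not code from the post or from AWS), the following Python script does what the walkthrough above does by eye: it reads a delivered CloudTrail log file, keeps only the object-level events on the directory bucket, labels each event by whether its userAgent points at the browser console or the AWS CLI, and flags events from a caller type you did not expect. The log records are constructed sample data, and the userAgent heuristics are my own assumption rather than a CloudTrail-defined classification.

```python
import gzip
import io
import json

BUCKET = "s3express-one-zone-cloudtrail--apne1-az4--x-s3"
OBJECT_LEVEL = {"PutObject", "GetObject", "DeleteObject"}

# Constructed sample in the shape CloudTrail delivers: JSON with a "Records" array.
SAMPLE = {"Records": [
    {"eventTime": "2024-02-01T10:00:00Z", "eventName": "PutObject",
     "userAgent": "[Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36]",
     "requestParameters": {"bucketName": BUCKET, "key": "test.txt"}},
    {"eventTime": "2024-02-01T10:05:00Z", "eventName": "GetObject",
     "userAgent": "aws-cli/2.15.0 Python/3.11.6 Linux/6.1 exe/x86_64",
     "requestParameters": {"bucketName": BUCKET, "key": "test.txt"}},
    {"eventTime": "2024-02-01T10:07:00Z", "eventName": "GetObject",
     "userAgent": "curl/8.4.0",  # a caller type the post never used
     "requestParameters": {"bucketName": BUCKET, "key": "test.txt"}},
    {"eventTime": "2024-02-01T09:50:00Z", "eventName": "CreateBucket",
     "userAgent": "aws-cli/2.15.0 Python/3.11.6 Linux/6.1 exe/x86_64",
     "requestParameters": {"bucketName": BUCKET}},
]}

def make_sample_log() -> bytes:
    """Gzip the sample the way CloudTrail publishes each log file."""
    return gzip.compress(json.dumps(SAMPLE).encode())

def classify_user_agent(ua: str) -> str:
    """Label the userAgent the way the post reads it by eye: browser console vs CLI (assumed heuristics)."""
    ua = ua.lower()
    if "aws-cli/" in ua:
        return "cli"
    if "mozilla/" in ua:  # S3 console requests come from a browser
        return "console"
    return "other"

def object_events(gz_bytes: bytes, bucket: str) -> list:
    """Object-level events for one directory bucket, oldest first; bucket-level events are skipped."""
    with gzip.open(io.BytesIO(gz_bytes), "rt") as fh:
        records = json.load(fh)["Records"]
    out = []
    for r in records:
        params = r.get("requestParameters") or {}
        if r.get("eventName") in OBJECT_LEVEL and params.get("bucketName") == bucket:
            out.append({"time": r["eventTime"], "event": r["eventName"], "key": params.get("key"),
                        "source": classify_user_agent(r.get("userAgent", ""))})
    return sorted(out, key=lambda e: e["time"])

def flag_unexpected(events: list, allowed=("console", "cli")) -> list:
    return [e for e in events if e["source"] not in allowed]  # the cue to restrict access
```

Point `object_events` at the bytes of a real downloaded log file instead of `make_sample_log()` to run it against your own trail.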
Things to know
Getting started – You can enable CloudTrail data event logging for S3 Express One Zone using the CloudTrail console, CLI, or SDKs.
Regions – CloudTrail data event logging is available in all AWS Regions where S3 Express One Zone is currently available.
Activity logging – With CloudTrail data event logging for S3 Express One Zone, you can log object-level activity, such as PutObject, GetObject, and DeleteObject, as well as bucket-level activity, such as CreateBucket and DeleteBucket.
Pricing – As with other S3 storage classes, you pay for logging S3 Express One Zone data events in CloudTrail based on the number of events logged and the period during which you retain the logs. For more information, see the AWS CloudTrail Pricing page.
You can enable CloudTrail data event logging for S3 Express One Zone to simplify governance and compliance for your high-performance storage. To learn more about this new capability, visit the S3 User Guide.
– Eli.