Object-level logging should be enabled for S3 bucket write events

Description

S3 object-level API operations, such as GetObject, DeleteObject, and PutObject, are considered data events and are not logged by default in CloudTrail. Enabling object-level logging for S3 buckets is recommended to capture these events for better compliance, security analysis, and monitoring of user activity patterns within your AWS account.

Remediation

For instructions on enabling object-level logging for S3 buckets in CloudTrail, refer to the AWS CloudTrail User Guide on Logging Data Events.
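
To confirm the outcome after remediation, the following added example (not part of the original page or of AWS's documentation) evaluates the JSON returned by `aws cloudtrail get-event-selectors` and reports whether a trail records S3 object-level write events for a given bucket. The function names and the `example-bucket` name are assumptions, the sample responses are constructed, and selectors using filters the check does not model are conservatively treated as not covering the bucket.

```python
import json

S3_OBJECT = "AWS::S3::Object"
ALLOWED = {"eventCategory", "resources.type", "readOnly", "resources.ARN"}

def _covers(bucket, prefixes):
    # A selector spans the whole bucket only if it is a prefix of the bucket's object ARN root.
    target = f"arn:aws:s3:::{bucket}/"
    return any(p and target.startswith(p) for p in prefixes)

def _classic_ok(sel, bucket):
    # Classic selectors: ReadWriteType must include writes, and a data resource must match.
    if sel.get("ReadWriteType", "All") not in ("All", "WriteOnly"):
        return False
    return any(r.get("Type") == S3_OBJECT and _covers(bucket, r.get("Values", []))
               for r in sel.get("DataResources", []))

def _advanced_ok(sel, bucket):
    fields = {f["Field"]: f for f in sel.get("FieldSelectors", [])}
    if set(fields) - ALLOWED:  # conservative: eventName etc. may exclude some writes
        return False
    if fields.get("eventCategory", {}).get("Equals") != ["Data"]:
        return False
    if fields.get("resources.type", {}).get("Equals") != [S3_OBJECT]:
        return False
    ro = fields.get("readOnly")
    if ro is not None and ro.get("Equals") != ["false"]:
        return False  # readOnly=true would log reads only
    arn = fields.get("resources.ARN")
    if arn is None:
        return True  # no ARN filter: every bucket is in scope
    if set(arn) - {"Field", "StartsWith"}:  # conservative: only plain StartsWith counts
        return False
    return _covers(bucket, arn.get("StartsWith", []))

def logs_s3_writes(selectors, bucket):
    """selectors: parsed output of `aws cloudtrail get-event-selectors`."""
    return (any(_classic_ok(s, bucket) for s in selectors.get("EventSelectors") or [])
            or any(_advanced_ok(s, bucket) for s in selectors.get("AdvancedEventSelectors") or []))

# Constructed sample responses; the bucket name is a placeholder.
DEFAULT_TRAIL = json.loads('{"EventSelectors": [{"ReadWriteType": "All", '
                           '"IncludeManagementEvents": true, "DataResources": []}]}')
WRITE_TRAIL = json.loads('''{"AdvancedEventSelectors": [{"Name": "s3-writes", "FieldSelectors": [
  {"Field": "eventCategory", "Equals": ["Data"]},
  {"Field": "resources.type", "Equals": ["AWS::S3::Object"]},
  {"Field": "readOnly", "Equals": ["false"]},
  {"Field": "resources.ARN", "StartsWith": ["arn:aws:s3:::example-bucket/"]}]}]}''')
```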