Enable object-level logging for an S3 Bucket with AWS CloudTrail data events
- Sign in to the AWS Management Console and open the Amazon S3 console at https://console.aws.amazon.com/s3/
- In the Bucket name list, choose the name of the bucket that you want to enable versioning for
![]()
- Choose Properties.
![]()
- Choose Object-level logging.
![Object-level logging screen.]()
- Choose an existing CloudTrail trail in the drop-down menu.
The trail you select must be in the same AWS Region as your bucket, so the drop-down list contains only trails that are in the same Region as the bucket or trails that were created for all Regions.
If you need to create a trail, choose the CloudTrail console link to go to the CloudTrail console.
![]()
- Under Events, choose one of the following:
- Read to specify that you want CloudTrail to log Amazon S3 read APIs such as
GetObject. - Write to log Amazon S3 write APIs such as
PutObject. - Read and Write to log both read and write object APIs.
![]()
- Read to specify that you want CloudTrail to log Amazon S3 read APIs such as
- Choose Create to enable object-level logging for the bucket.
![]()
