AWS CloudTrail for Amazon Simple Storage Service (S3) now captures additional request parameters and event data for your bucket-level and object-level operations for enhanced security auditing. The new fields added to AWS CloudTrail for Amazon S3 include: host, signature version, cipher suite, and authentication method.
AWS CloudTrail for Amazon S3 provides a record of actions taken by a user, role, or an AWS service against your Amazon S3 resources, including detailed API tracking for Amazon S3 bucket-level and object-level operations. By using AWS CloudTrail, you can determine the request that was made to Amazon S3, the IP address from which the request was made, who made the request, when it was made, and additional details.
With this enhancement, you can use the signature version field to identify if the requests made against your Amazon S3 resources are being authenticated using signature version 2 (SigV2) or signature version 4 (SigV4). This is especially important in context of previous post on AWS Discussion Forums detailing the plan to end support for requests to Amazon S3 authenticated using SigV2 in all AWS regions on June 24, 2019.
Other new fields in AWS CloudTrail for Amazon S3 can also help you identify if clients are using HTTPS with the cipher suite field, or if clients are using a specific S3 endpoint, for example FIPS endpoints or dual stack endpoints, with the host field.
To learn more about monitoring Amazon S3 API calls using AWS CloudTrail, please visit the S3 Developer Guide.
To learn more about AWS CloudTrail, including how to configure and enable it, see the AWS CloudTrail User Guide.
AWS CloudTrail for Amazon Simple Storage Service (S3) is available in all commercial AWS regions and AWS GovCloud (US) regions.
AWS OFFICIALUpdated 10 months ago
This is an announcement migrated from AWS Forums that does not require an answer