Amazon S3 Express One Zone now supports logging of all events in AWS CloudTrail

Posted on: Jul 9, 2024

With Amazon S3 Express One Zone support for logging of all data plane API actions in AWS CloudTrail, you can get details on who made API calls to S3 Express One Zone and when API calls were made, thereby enhancing data visibility for governance, compliance, and operational auditing. Now, you can use AWS CloudTrail to log S3 Express One Zone object-level activity such as PutObject and GetObject, in addition to directory bucket-level actions such as CreateBucket and DeleteBucket that were already supported.

With logging of all events in AWS CloudTrail, you can quickly determine which S3 Express One Zone objects were created, read, updated or deleted and identify the source of the API calls. If you detect unauthorized S3 Express One Zone object access, you can take immediate action to restrict access. In addition, you can use CloudTrail features such as advanced event selectors for granular control over which events are logged and CloudTrail integration with Amazon EventBridge to create rule-based workflows for event-driven architectures.
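The following advanced event selectors are an added example, not part of the AWS announcement. They log every S3 Express One Zone object write and delete, but limit read logging to GetObject on a single directory bucket. The region, account ID and bucket name in the ARN are constructed placeholders, and the ARN layout is an assumption to check against the CloudTrail documentation.

```json
[
  {
    "Name": "Example: all S3 Express One Zone object writes and deletes",
    "FieldSelectors": [
      { "Field": "eventCategory", "Equals": ["Data"] },
      { "Field": "resources.type", "Equals": ["AWS::S3Express::Object"] },
      { "Field": "readOnly", "Equals": ["false"] }
    ]
  },
  {
    "Name": "Example: GetObject reads on one directory bucket (placeholder ARN)",
    "FieldSelectors": [
      { "Field": "eventCategory", "Equals": ["Data"] },
      { "Field": "resources.type", "Equals": ["AWS::S3Express::Object"] },
      { "Field": "eventName", "Equals": ["GetObject"] },
      {
        "Field": "resources.ARN",
        "StartsWith": [
          "arn:aws:s3express:us-west-2:111122223333:bucket/example-bucket--usw2-az1--x-s3/"
        ]
      }
    ]
  }
]
```

Saved as `selectors.json`, this can be applied to an existing trail with `aws cloudtrail put-event-selectors --trail-name <trail-name> --advanced-event-selectors file://selectors.json`. Field conditions inside one selector are combined with AND and separate selectors with OR, so reads on any other directory bucket are not logged by this configuration.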

You can enable AWS CloudTrail data event logging for S3 Express One Zone in all AWS Regions where S3 Express One Zone is available. Get started with CloudTrail event logging for S3 Express One Zone by using the CloudTrail console, AWS CLI, or AWS SDKs. For pricing information, visit the CloudTrail pricing page. To learn more, see the S3 User Guide, the S3 Express One Zone product page, and the AWS News Blog.