Amazon S3 server access logs now deliver to Amazon CloudWatch Logs and Amazon S3 Tables
Amazon S3 now supports delivering server access logs to Amazon CloudWatch Logs, giving you instant querying, alarms, cross-account and cross-Region aggregation, and AWS Key Management Service (KMS) encryption for your access log data. You can also mirror your logs to Amazon S3 Tables in Apache Iceberg format at no additional storage cost. These new delivery paths complement the existing free delivery of server access logs to S3 general purpose buckets, giving you more flexibility in how you monitor and analyze access to your data.
With delivery to CloudWatch Logs, you can set alarms on error rates, monitor traffic patterns, investigate access incidents across accounts and Regions, and correlate S3 access activity with the rest of your operational data. Logs mirrored to S3 Tables are immediately queryable with standard SQL in Amazon Athena, Amazon Redshift, and other Iceberg-compatible query engines, so you can audit access patterns, analyze usage trends, and identify cost drivers across buckets over time.
S3 server access logs delivery to CloudWatch Logs is available today in all AWS Regions, except for AWS China Regions and AWS GovCloud (US) Regions. To learn more, see the Amazon S3 webpage, server access logging in the Amazon S3 User Guide, and the AWS Storage Blog post.