An AWS S3 bucket providing scalable, durable, and secure storage of logs, allowing them to be stored, accessed, and analyzed in a highly available and cost-effective manner.
Low cost and durable storage of application logs for debugging and troubleshooting
Security and Compliance
Storing access logs allows security teams to monitor and detect unauthorized access attempts and security breaches, and helps to satisfy compliance requirements for data access audit trails.
This bundle is designed around the specific use-case of storing application and access logs. For this reason, assumptions are made regarding the configuration of the bucket. For example, public access is disabled and object versioning is disabled.
Deploys regional S3 for high availability in the event of a zonal failure
Dedicated KMS Key
Uses a dedicated KMS key with narrowly scoped permissions for encryption
A KMS key is created and narrowly scoped to the bucket for encrypting all assets.
No public access is allowed to this bucket
Access logging can be enabled, which will create an additional S3 bucket to store access logs for compliance requirements
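The check below is an added example, not code from the bundle: it compares a bucket's settings against the posture described above (public access blocked, SSE-KMS with the dedicated key, versioning off, access logging on when requested). The dictionaries are constructed samples shaped like the boto3 S3 responses; the bucket name, the key ARN and the audit function are hypothetical, and the key is assumed to be referenced by its full ARN.

```python
# Constructed responses in the shape boto3 returns from get_public_access_block,
# get_bucket_encryption, get_bucket_versioning and get_bucket_logging.
# The bucket name and key ARN are placeholders, not values from the bundle.
KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"

COMPLIANT = {
    "public_access_block": {"PublicAccessBlockConfiguration": {
        "BlockPublicAcls": True, "IgnorePublicAcls": True,
        "BlockPublicPolicy": True, "RestrictPublicBuckets": True}},
    "encryption": {"ServerSideEncryptionConfiguration": {"Rules": [
        {"ApplyServerSideEncryptionByDefault": {
            "SSEAlgorithm": "aws:kms", "KMSMasterKeyID": KEY_ARN}}]}},
    "versioning": {},  # no Status key: versioning was never enabled
    "logging": {"LoggingEnabled": {"TargetBucket": "example-access-logs",
                                   "TargetPrefix": "s3/"}},
}

DRIFTED = {
    "public_access_block": {"PublicAccessBlockConfiguration": {
        "BlockPublicAcls": True, "IgnorePublicAcls": True,
        "BlockPublicPolicy": False, "RestrictPublicBuckets": True}},
    "encryption": {"ServerSideEncryptionConfiguration": {"Rules": [
        {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}},
    "versioning": {"Status": "Enabled"},
    "logging": {},  # no LoggingEnabled key: access logging is off
}


def audit(cfg, expected_key_arn, require_access_logs=True):
    """Return a sorted list of deviations from the posture described above."""
    findings = []
    pab = cfg.get("public_access_block", {}).get("PublicAccessBlockConfiguration", {})
    for flag in ("BlockPublicAcls", "IgnorePublicAcls",
                 "BlockPublicPolicy", "RestrictPublicBuckets"):
        if pab.get(flag) is not True:  # a missing flag counts as off
            findings.append(f"public-access:{flag}")
    rules = cfg.get("encryption", {}).get(
        "ServerSideEncryptionConfiguration", {}).get("Rules", [])
    defaults = [r.get("ApplyServerSideEncryptionByDefault", {}) for r in rules]
    if not any(d.get("SSEAlgorithm") == "aws:kms" for d in defaults):
        findings.append("encryption:not-sse-kms")
    elif not any(d.get("KMSMasterKeyID") == expected_key_arn for d in defaults):
        findings.append("encryption:unexpected-key")  # KMS, but not the dedicated key
    if cfg.get("versioning", {}).get("Status") == "Enabled":
        findings.append("versioning:enabled")
    if require_access_logs and "LoggingEnabled" not in cfg.get("logging", {}):
        findings.append("access-logging:disabled")
    return sorted(findings)
```

Against a live account, the four dictionaries would come from the corresponding boto3 S3 client calls for the bucket under review.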
The following policies are created for managing access to the S3 bucket.
read: Grants read access to objects in the bucket
write: Grants access to write objects to the bucket
|AWS Region to provision in.
|Enable the expiration (deletion) of objects after the specified time
|Number of days after creation when objects are transitioned to the specified storage class.
|S3 storage class to transition to. Refer to the AWS S3 storage class documentation for details on each storage class.
|Enabling this will create an additional bucket for storing access logs