Add S3 logging

Open boxabirds opened this issue 6 years ago • 3 comments

I'm at the "Add Note attachment to S3" and I'm having some permission issues. It'd be great for the guide to enable object-level logging with CloudTrail when the note bucket is set up. Ironically the permission problem I have seems to be disabling the ability … to log as well… fun and games.

Dec 18 '19 22:12 boxabirds

Oh. Post what you end up figuring out.

Dec 29 '19 22:12 jayair

Right I can't get my project to accept this line in the S3 bucket policy:

arn:aws:s3:::kiwi-notes-app-uploads/private/${cognito-identity.amazonws.com:sub}/*

I had to use this instead:

arn:aws:s3:::kiwi-notes-app-uploads/private/*

which is obviously a security issue.

Jan 07 '20 09:01 boxabirds

Yeah that's really weird cos the first one should work.

Jan 19 '20 03:01 jayair