Enabling AWS Config logs
When you enable AWS Config logs, you must specify a destination for the log data.
About this task
Users must have the following permissions to enable AWS Config logs for delivery to Amazon S3.
- ec2:ModifyVerifiedAccessInstanceLoggingConfiguration on the Config instance
- logs:CreateLogDelivery, logs:DeleteLogDelivery, logs:GetLogDelivery, logs:ListLogDeliveries, and logs:UpdateLogDelivery on all resources
- s3:GetBucketPolicy and s3:PutBucketPolicy on the destination bucket
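The following Python check is an added example, not part of the original page: it reports which of the permissions listed above an IAM identity policy fails to grant at the stated scope, and flags an S3 bucket-policy grant that reaches beyond the destination bucket. It assumes simplified evaluation (only Allow statements with Action and Resource; Deny, NotAction, NotResource and Condition are not evaluated), and the ARNs and sample policy are constructed placeholders.

```python
import re

# Actions from the permission list above, keyed by the scope the page states.
REQUIRED = {
    "instance": ["ec2:ModifyVerifiedAccessInstanceLoggingConfiguration"],
    "all": ["logs:CreateLogDelivery", "logs:DeleteLogDelivery", "logs:GetLogDelivery",
            "logs:ListLogDeliveries", "logs:UpdateLogDelivery"],
    "bucket": ["s3:GetBucketPolicy", "s3:PutBucketPolicy"],
}

def _listify(value):
    return [value] if isinstance(value, (str, dict)) else list(value or [])

def _match(pattern, value, ignore_case=False):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def allows(policy, action, resource):
    """True if an Allow statement covers both action and resource.
    Simplified: Deny, NotAction, NotResource and Condition are not evaluated."""
    for st in _listify(policy.get("Statement")):
        if st.get("Effect") != "Allow":
            continue
        if any(_match(a, action, True) for a in _listify(st.get("Action"))) and \
           any(_match(r, resource) for r in _listify(st.get("Resource"))):
            return True
    return False

def missing_permissions(policy, instance_arn, bucket_arn):
    target = {"instance": instance_arn, "all": "*", "bucket": bucket_arn}
    return sorted(a for scope, acts in REQUIRED.items() for a in acts
                  if not allows(policy, a, target[scope]))

def bucket_policy_overbroad(policy):
    # PutBucketPolicy on buckets other than the destination exceeds what the page requires.
    return allows(policy, "s3:PutBucketPolicy", "arn:aws:s3:::some-unrelated-bucket")

# Constructed sample: placeholder ARNs, one logs action missing, S3 scoped too widely.
INSTANCE = "arn:aws:ec2:us-east-1:111122223333:verified-access-instance/vai-EXAMPLE"
BUCKET = "arn:aws:s3:::example-log-destination"
SAMPLE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": REQUIRED["instance"], "Resource": INSTANCE},
    {"Effect": "Allow", "Action": ["logs:CreateLogDelivery", "logs:DeleteLogDelivery",
                                   "logs:Get*", "logs:List*"], "Resource": "*"},
    {"Effect": "Allow", "Action": "s3:*BucketPolicy", "Resource": "*"},
]}

if __name__ == "__main__":
    print("missing:", missing_permissions(SAMPLE, INSTANCE, BUCKET))
    print("overbroad S3 grant:", bucket_policy_overbroad(SAMPLE))
```
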
Procedure
- Open the Amazon VPC console at Amazon VPC.
- In the navigation pane, select AWS Config.
- Select AWS Config.
- On the AWS Config logging configuration tab, select Modify AWS Config logging configuration.
- Enable Deliver to Amazon S3.
- Enter the name, owner, and prefix of the destination bucket.
- Click Modify AWS Config logging configuration.