Amazon has announced support for logging all data plane API actions for S3 Express One Zone in AWS CloudTrail. This enhancement provides detailed information on who made API calls to S3 Express One Zone and when these calls were made, thereby improving data visibility for governance, compliance, and operational auditing. Users can now log S3 Express One Zone object-level activities such as PutObject and GetObject, in addition to directory bucket-level actions such as CreateBucket and DeleteBucket, which were already supported.
With comprehensive event logging in AWS CloudTrail, users can quickly determine which S3 Express One Zone objects were created, read, updated, or deleted, and identify the source of the API calls. If unauthorized access to S3 Express One Zone objects is detected, users can take immediate steps to restrict access. Additionally, CloudTrail features advanced event selectors for granular control over which events are logged and integrates with Amazon EventBridge to create rule-based workflows for event-driven architectures.
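
As an added example (not AWS code and not part of the original announcement), the following Python builds a per-object timeline from CloudTrail records whose `resources.type` is `AWS::S3Express::Object` and flags callers outside an allowlist. The records, account ID, bucket name, role names and allowlist are constructed for illustration, and the records are trimmed to the fields used.

```python
from collections import defaultdict

EXPRESS_OBJECT = "AWS::S3Express::Object"  # resources.type for directory-bucket objects
ACTIONS = {"PutObject": "write", "GetObject": "read", "DeleteObject": "delete"}
ACCT = "111122223333"  # constructed account ID
# Hypothetical allowlist of role ARNs expected to touch the bucket.
ALLOWED = {f"arn:aws:iam::{ACCT}:role/etl-writer"}
BUCKET = f"arn:aws:s3express:us-east-1:{ACCT}:bucket/demo--use1-az4--x-s3"

def _rec(time, name, rtype, arn, role, ip):
    """Build a constructed, trimmed CloudTrail record (not real log data)."""
    issuer = {"arn": f"arn:aws:iam::{ACCT}:role/{role}"}
    return {"eventTime": time, "eventName": name, "sourceIPAddress": ip,
            "userIdentity": {"type": "AssumedRole",
                             "arn": f"arn:aws:sts::{ACCT}:assumed-role/{role}/s1",
                             "sessionContext": {"sessionIssuer": issuer}},
            "resources": [{"type": rtype, "ARN": arn}]}

SAMPLE = [
    _rec("2024-07-01T10:00:00Z", "PutObject", EXPRESS_OBJECT,
         BUCKET + "/a.parquet", "etl-writer", "10.0.1.5"),
    _rec("2024-07-01T10:05:00Z", "GetObject", EXPRESS_OBJECT,
         BUCKET + "/a.parquet", "adhoc-analyst", "198.51.100.7"),
    _rec("2024-07-01T10:06:00Z", "GetObject", "AWS::S3::Object",
         "arn:aws:s3:::other-bucket/b.csv", "adhoc-analyst", "198.51.100.7"),
    _rec("2024-07-01T10:09:00Z", "DeleteObject", EXPRESS_OBJECT,
         BUCKET + "/a.parquet", "etl-writer", "10.0.1.5"),
]

def caller(rec):
    """Prefer the role ARN behind an assumed-role session, else userIdentity.arn."""
    ident = rec.get("userIdentity", {})
    issuer = ident.get("sessionContext", {}).get("sessionIssuer", {})
    return issuer.get("arn") or ident.get("arn", "unknown")

def audit(records, allowed=ALLOWED):
    """Return (per-object timeline, findings for callers outside the allowlist)."""
    timeline, findings = defaultdict(list), []
    for rec in records:
        action = ACTIONS.get(rec.get("eventName"))
        if action is None:
            continue
        who = caller(rec)
        for res in rec.get("resources", []):
            if res.get("type") != EXPRESS_OBJECT:
                continue  # skip general purpose bucket events and other resources
            timeline[res["ARN"]].append((rec["eventTime"], action, who))
            if who not in allowed:
                findings.append((res["ARN"], action, who, rec["sourceIPAddress"]))
    return dict(timeline), findings
```
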
AWS CloudTrail data events logging for S3 Express One Zone is available in all AWS Regions where S3 Express One Zone is offered. Users can enable this logging feature through the CloudTrail console, AWS CLI, or AWS SDKs.