HEX
Server: Apache/2.4.41 (Ubuntu)
System: Linux ip-172-31-42-149 5.15.0-1084-aws #91~20.04.1-Ubuntu SMP Fri May 2 07:00:04 UTC 2025 aarch64
User: ubuntu (1000)
PHP: 7.4.33
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
Upload Files
File: //lib/python3/dist-packages/awscli/examples/s3api/put-bucket-logging.rst
The example below sets the logging policy for *MyBucket*. The AWS user *bob@example.com* will have full control over
the log files, and no one else has any access. First, grant S3 permission with ``put-bucket-acl``::

   aws s3api put-bucket-acl --bucket MyBucket --grant-write URI=http://acs.amazonaws.com/groups/s3/LogDelivery --grant-read-acp URI=http://acs.amazonaws.com/groups/s3/LogDelivery

Then apply the logging policy::

   aws s3api put-bucket-logging --bucket MyBucket --bucket-logging-status file://logging.json

``logging.json`` is a JSON document in the current folder that contains the logging policy::

    {
      "LoggingEnabled": {
        "TargetBucket": "MyBucket",
        "TargetPrefix": "MyBucketLogs/",
        "TargetGrants": [
          {
            "Grantee": {
              "Type": "AmazonCustomerByEmail",
              "EmailAddress": "bob@example.com"
            },
            "Permission": "FULL_CONTROL"
          }
        ]
      }
    }

.. note:: the ``put-bucket-acl`` command is required to grant S3's log delivery system the necessary permissions (write
   and read-acp permissions).

For more information, see `Amazon S3 Server Access Logging <https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerLogs.html>`__ in the *Amazon S3 Developer Guide*.