Stream logs to Amazon S3
DataStream supports sending logs to Amazon Simple Storage Service (Amazon S3). Amazon S3 is a static file storage that lets you organize your data and configure finely-tuned access controls to meet your specific business, organizational, and compliance requirements.
DataStream sends GZIP-compressed logs to Amazon S3.
For security reasons, DataStream sends logs over TLS even if Amazon S3 policies allow insecure requests.
Before you begin
- Create an Identity and Access Management (IAM) user in Amazon S3. See Overview of access management: permissions and policies.
- Create a dedicated storage bucket in an AWS region. See Create storage buckets.
- Grant the user or role that can
access the bucket the appropriate permissions to the bucket contents, including
ListBucket
,GetObject
, andPutObject
. - Make note of the access keys and client secret associated with your account. See Understanding and getting your security credentials.
- Set up and manage server side encryption (SSE) in the container's settings. See Server side encryption for Amazon S3.