我正在尝试根据此文档https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-access-logs.html
为AWS Network ELB配置访问日志我指定了存储桶名称和前缀,然后选择了Create this location for me
为存储桶自动生成了以下存储桶策略
{
"Version": "2012-10-17",
"Id": "AWSConsole-AccessLogs-Policy-xxxxxxxxxxxxx",
"Statement": [
{
"Sid": "AWSConsoleStmt-xxxxxxxxxxxxx",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::xxxxxxxxxxxx:root"
},
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::bucket_name/prefix/AWSLogs/123456789012/*"
},
{
"Sid": "AWSLogDeliveryWrite",
"Effect": "Allow",
"Principal": {
"Service": "delivery.logs.amazonaws.com"
},
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::bucket_name/prefix/AWSLogs/123456789012/*",
"Condition": {
"StringEquals": {
"s3:x-amz-acl": "bucket-owner-full-control"
}
}
},
{
"Sid": "AWSLogDeliveryAclCheck",
"Effect": "Allow",
"Principal": {
"Service": "delivery.logs.amazonaws.com"
},
"Action": "s3:GetBucketAcl",
"Resource": "arn:aws:s3:::bucket_name"
}
]
}
已创建桶,但是在AWSLogs/xxxxxxxx
下未生成任何日志文件。我在这里想念什么吗?
答案 0 :(得分:2)
来自:https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-access-logs.html
仅当负载平衡器具有TLS侦听器时才创建访问日志 并且它们仅包含有关TLS请求的信息。
答案 1 :(得分:0)
它可能是以下三个之一:
进一步阅读:https://aws.amazon.com/premiumsupport/knowledge-center/s3-server-access-log-not-delivered/