User guide
"Action": "s3:GetBucketAcl",
"Resource": "arn:aws:s3:::AuditLogs"
}
]
}
For more information about creating Amazon S3 buckets and adding bucket policies, go to Creating a
Bucket and Editing Bucket Permissions in the Amazon Simple Storage Service Console User Guide.
Bucket Structure for Amazon Redshift Audit Logging
By default, Amazon Redshift organizes the log files in the Amazon S3 bucket by using the following bucket
and object structure:
AWSLogs/AccountID/ServiceName/Region/Year/Month/Day/AccountID_ServiceName_Region_ClusterName_LogType_Timestamp.gz
For example:
AWSLogs/123456789012/redshift/us-east-1/2013/10/29/123456789012_redshift_us-east-1_mycluster_userlog_2013-10-29T18:01.gz
If you provide an Amazon S3 key prefix, the prefix is placed at the start of the key.
For example, if you specify a prefix of myprefix:
myprefix/AWSLogs/123456789012/redshift/us-east-1/2013/10/29/123456789012_redshift_us-east-1_mycluster_userlog_2013-10-29T18:01.gz
The Amazon S3 key prefix cannot exceed 512 characters. It cannot contain spaces ( ), double quotation
marks ("), single quotation marks ('), or a backslash (\). There are also a number of special characters and
control characters that are not allowed. The hexadecimal codes for these characters are:
• x00 to x20
• x22
• x27
• x5c
• x7f or larger
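The following added example (not part of the guide) checks a key prefix against the rules listed above and parses an object key in the documented default layout, so that objects in the audit bucket that do not follow the layout can be flagged for review. The function names and the foreign_keys helper are hypothetical, and the sample keys are constructed from the guide's examples.

```python
import re

MAX_PREFIX_LEN = 512  # limit stated in the guide

def prefix_problems(prefix):
    """Return the reasons a key prefix breaks the stated rules ([] means valid)."""
    problems = []
    if len(prefix) > MAX_PREFIX_LEN:
        problems.append(f"length {len(prefix)} exceeds {MAX_PREFIX_LEN}")
    for i, ch in enumerate(prefix):
        cp = ord(ch)
        # x00-x20 (controls and space), x22 ("), x27 ('), x5c (\), x7f or larger
        if cp <= 0x20 or cp in (0x22, 0x27, 0x5C) or cp >= 0x7F:
            problems.append(f"disallowed character x{cp:02x} at index {i}")
    return problems

# Default layout from the guide, with an optional leading "<prefix>/".
# The backreferences require the file name to repeat the path's account,
# service and region, as the documented pattern does.
LOG_KEY = re.compile(
    r"^(?:(?P<prefix>.+)/)?AWSLogs/(?P<account>\d+)/(?P<service>[^/]+)/"
    r"(?P<region>[^/]+)/(?P<year>\d{4})/(?P<month>\d{2})/(?P<day>\d{2})/"
    r"(?P=account)_(?P=service)_(?P=region)_(?P<cluster>[^/]+)_"
    r"(?P<logtype>[^/_]+)_(?P<timestamp>[^/_]+)\.gz$"
)

def parse_log_key(key):
    """Split an audit-log object key into its fields, or return None."""
    m = LOG_KEY.match(key)
    return m.groupdict() if m else None

def foreign_keys(keys, account, cluster):
    """Keys that do not parse, or that belong to another account or cluster."""
    flagged = []
    for key in keys:
        f = parse_log_key(key)
        if f is None or f["account"] != account or f["cluster"] != cluster:
            flagged.append(key)
    return flagged

if __name__ == "__main__":
    # Constructed sample keys, modelled on the guide's examples.
    sample = [
        "myprefix/AWSLogs/123456789012/redshift/us-east-1/2013/10/29/"
        "123456789012_redshift_us-east-1_mycluster_userlog_2013-10-29T18:01.gz",
        "myprefix/AWSLogs/123456789012/redshift/us-east-1/2013/10/29/notes.txt",
    ]
    print(prefix_problems("my prefix"))
    print(foreign_keys(sample, "123456789012", "mycluster"))
```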
Troubleshooting Amazon Redshift Audit Logging
Amazon Redshift audit logging can be interrupted for the following reasons:
• Amazon Redshift does not have permission to upload logs to the Amazon S3 bucket. Verify that the
bucket is configured with the correct IAM policy. For more information, see Bucket Permissions for
Amazon Redshift Audit Logging (p. 218).
• The bucket owner changed. When Amazon Redshift uploads logs, it verifies that the bucket owner is
the same as when logging was enabled. If the bucket owner has changed, Amazon Redshift cannot
upload logs until you configure another bucket to use for audit logging. For more information, see
Modifying the Bucket for Audit Logging (p. 222).
• The bucket cannot be found. If the bucket is deleted in Amazon S3, Amazon Redshift cannot upload
logs. You either need to recreate the bucket or configure Amazon Redshift to upload logs to a different
bucket. For more information, see Modifying the Bucket for Audit Logging (p. 222).
API Version 2012-12-01
Amazon Redshift Management Guide