As part of a recent project, a development team activated and set up AWS CloudTrail to monitor all Amazon S3 buckets involved in the project. The project manager, who has ownership of all the S3 buckets, observed that he was not receiving object-level API access logs when the data was accessed by a different AWS account.

What could explain this behavior/error?

Exam-Like

CloudTrail always delivers object-level API access logs to the requester and not to object owner

13.3%

The bucket owner also needs to be object owner to get the object access logs

60.0%

CloudTrail needs to be configured on both the AWS accounts for receiving the access logs in cross-account access

20.0%

The meta-data of the bucket is in an invalid state and needs to be corrected by the bucket owner from AWS console to fix the issue

6.7%

AWS Certified Developer - Associate