I've created an AWS CloudTrail trail and pointed it to an S3 bucket, with a data event configuration to log all S3 data events:
    eventSelector: [
      {
        readWriteType: 'All',
        includeManagementEvents: true,
        dataResource: [
          {
            type: 'AWS::S3::Object',
            values: ['arn:aws:s3'],
          },
        ],
      },
    ],
Not surprisingly, this created a logging loop: CloudTrail writes its logs to S3, which generates a new trail event, which results in another write to S3, and so on. My question here is about best practices: what should I configure? I don't want to exclude the logging bucket from the logs, so I am thinking of excluding only the S3 write events that are done by CloudTrail itself. Looking for better ideas...
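As an added example (not part of the question above), one way to express the carve-out the asker describes with CloudTrail advanced event selectors, plus a small local model of their matching rules so you can check which events would still be recorded before applying the selectors with `put_event_selectors`. It assumes the trail delivers under the standard `AWSLogs/` prefix; the bucket and trail names are placeholders.

```python
# Added example (not the asker's configuration): two CloudTrail advanced event
# selectors that keep every S3 data event, logging bucket included, but drop the
# writes CloudTrail itself makes under its AWSLogs/ delivery prefix (the loop).
# Selectors are ORed with each other; field selectors inside one are ANDed.
LOG_BUCKET = "my-trail-logs"                                    # placeholder name
LOG_PREFIX_ARN = f"arn:aws:s3:::{LOG_BUCKET}/AWSLogs/"          # CloudTrail delivery prefix

ADVANCED_EVENT_SELECTORS = [
    {   # 1. every S3 object read, including reads of the trail's own log files
        "Name": "s3-object-reads",
        "FieldSelectors": [
            {"Field": "eventCategory", "Equals": ["Data"]},
            {"Field": "resources.type", "Equals": ["AWS::S3::Object"]},
            {"Field": "readOnly", "Equals": ["true"]},
        ],
    },
    {   # 2. every S3 object write except CloudTrail's own log delivery
        "Name": "s3-object-writes-except-trail-delivery",
        "FieldSelectors": [
            {"Field": "eventCategory", "Equals": ["Data"]},
            {"Field": "resources.type", "Equals": ["AWS::S3::Object"]},
            {"Field": "readOnly", "Equals": ["false"]},
            {"Field": "resources.ARN", "NotStartsWith": [LOG_PREFIX_ARN]},
        ],
    },
]
# Apply with boto3: boto3.client("cloudtrail").put_event_selectors(
#     TrailName="my-trail", AdvancedEventSelectors=ADVANCED_EVENT_SELECTORS)

def _selector_matches(selector, event):
    # AND over field selectors; only the two operators used above are modelled
    for fs in selector["FieldSelectors"]:
        value = event.get(fs["Field"], "")
        if "Equals" in fs and value not in fs["Equals"]:
            return False
        if "NotStartsWith" in fs and any(value.startswith(p) for p in fs["NotStartsWith"]):
            return False
    return True

def is_logged(event, selectors=ADVANCED_EVENT_SELECTORS):
    return any(_selector_matches(s, event) for s in selectors)   # OR over selectors

def _s3_event(key_arn, read_only):
    return {"eventCategory": "Data", "resources.type": "AWS::S3::Object",
            "resources.ARN": key_arn, "readOnly": "true" if read_only else "false"}

# Constructed sample events: only the trail's own delivery write is dropped
TRAIL_DELIVERY = _s3_event(LOG_PREFIX_ARN + "123456789012/CloudTrail/us-east-1/x.json.gz", False)
OTHER_KEY_WRITE = _s3_event(f"arn:aws:s3:::{LOG_BUCKET}/backups/db.dump", False)
LOG_FILE_READ = _s3_event(LOG_PREFIX_ARN + "123456789012/CloudTrail/us-east-1/x.json.gz", True)
OTHER_BUCKET_WRITE = _s3_event("arn:aws:s3:::app-data/upload.bin", False)
```

Reads of the log files stay logged, so access to the audit trail itself remains visible; only the delivery writes under the prefix are excluded.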