Why does AWS Trusted Advisor show the "Write Not Enabled" error for my Amazon S3 bucket?

If you have enabled Amazon S3 server access logging, you may see a "Write Not Enabled" error in AWS Trusted Advisor. This happens because access logging requires specific permissions that are not always automatically applied.

Can I ignore the "Write Not Enabled" error?

Yes, if your server access logs are being delivered successfully to the designated bucket, you can safely ignore this error. Trusted Advisor reports this as a warning due to permission settings, but it does not necessarily indicate a problem with logging.

How can I fix the "Write Not Enabled" error in AWS Trusted Advisor?

If you want to remove this error message, you need to ensure that the Access Control List (ACL) settings allow the logging process to function correctly. Follow these steps to enable the required ACLs:

1. Open the Amazon S3 console and navigate to the bucket where you receive the access logs.
2. Select the Permissions tab.
3. Under Object Ownership, click Edit.
4. Choose ACLs enabled, then check I acknowledge that ACLs will be restored.
5. Set Object Ownership to Bucket owner preferred and save the changes.
6. In the Access control list (ACL) section, click Edit.
7. Under S3 log delivery group, grant:
   • Write permission for objects.
   • Read permission for the bucket ACL.
8. Click Save changes to apply the settings.

Best Practices and Additional Recommendations

AWS recommends disabling ACLs unless necessary. If you need to control permissions at the bucket level, consider using an S3 bucket policy instead of ACLs. You can refer to AWS documentation for guidance on configuring policies correctly.

For more details, see AWS's official guide on enabling server access logging.

By following these steps, you can either ignore the error if logging is working correctly or adjust ACL settings to remove the Trusted Advisor warning.