Validated on 18 Aug 2025 • Last edited on 5 Sep 2025
Spaces Object Storage is an S3-compatible service for storing and serving large amounts of data. The built-in Spaces CDN minimizes page load times, improves performance, and reduces bandwidth and infrastructure costs.
Spaces can automatically generate access logs for buckets and store the logs in a bucket you specify. Access logs include:
Access logs are in Amazon’s S3 server access log format. CDN access logs are in Amazon’s CloudFront access logs format.
Access logs are delivered asynchronously. They usually appear in the destination bucket within an hour of activity, but delivery may take two hours or longer.
Access logs are disabled by default. You can view whether logs are enabled or disabled in the control panel. To enable or disable access logs, use the S3-compatible API (for example, with the AWS CLI) or Terraform.
To check whether access logs are enabled for a bucket, go to the DigitalOcean Control Panel. In the left menu, click Spaces Object Storage, and then click the bucket you want to check to go to its overview page. On the bucket’s overview page, click its Settings tab. The Access Logs section displays Enabled or Disabled.
You can enable or disable access logs using the S3-compatible API with the AWS CLI (aws).
Create a JSON file that sets the logging configuration. Specify the target bucket (where logs are stored) and a target prefix (the prefix for log objects). The target bucket must be different from the source bucket. Currently, we do not support writing access logs into the same bucket that is generating them.
{
"LoggingEnabled": {
"TargetBucket": "use_your_destination_bucket",
"TargetPrefix": "example_log_prefix/"
}
}Apply the configuration:
aws --endpoint-url https://use_your_region.digitaloceanspaces.com \
s3api put-bucket-logging \
--bucket use_your_source_bucket \
--bucket-logging-status file://use_your_logging_config_path.jsonThis call sets the bucket’s logging configuration to the state you provide. On success, the command returns no output and exits with code 0.
You can verify that logging is enabled by checking your configuration in Verify Your Logging Configuration.
To disable access logs, send an empty logging configuration. This removes the LoggingEnabled section entirely:
aws --endpoint-url https://use_your_region.digitaloceanspaces.com \
s3api put-bucket-logging \
--bucket use_your_source_bucket \
--bucket-logging-status '{}'After this, the source bucket no longer writes access logs. You can verify that logging is disabled by checking your configuration in Verify Your Logging Configuration.
Check the current logging configuration:
aws --endpoint-url https://use_your_region.digitaloceanspaces.com \
s3api get-bucket-logging \
--bucket use_your_source_bucketIf logging is enabled, the response includes a LoggingEnabled object with your TargetBucket and TargetPrefix, for example:
{
"LoggingEnabled": {
"TargetBucket": "your-log-bucket",
"TargetPrefix": "example_log_prefix/"
}
}If logging is disabled, the response is an empty JSON object.
You can also configure access logs with Terraform using the digitalocean_spaces_bucket_logging resource. The destination bucket must be in the same region as the source bocket, and your access key must include permission to write to it.
Provides a bucket logging resource for Spaces, DigitalOcean’s object storage product. The digitalocean_spaces_bucket_logging resource allows Terraform to configure access logging for Spaces buckets. For more information, see: How to Configure Spaces Access Logs
Try using different keywords or simplifying your search terms.