AWS S3

S3 Data Flow Observability

Track every object event across your S3 estate in real time. See what's flowing, what's failing, and what's costing more than it should.

Real-Time Event Streaming

Ingest S3 server access logs and CloudTrail events to build a live view of every PUT, GET, DELETE, and error across all connected buckets.

Access Pattern Heatmaps

Visualize which prefixes and objects are accessed most frequently, by which roles, and at what times, so you know exactly how your data is being consumed.

Error Rate Monitoring

Track 4xx and 5xx error rates per bucket and prefix. NoSuchKey spikes, access denied patterns, and replication failures are surfaced automatically.

Cross-Bucket Flow Graphs

Understand how data moves between buckets, from raw ingestion zones to processed and curated layers, with automatic dependency mapping.

Data Freshness Tracking

Set SLAs on how frequently your landing zones should receive new objects. Get alerted when data stops flowing before downstream pipelines notice.

Security Anomaly Detection

Detect unexpected public access, cross-account reads, and anomalous access volumes that may indicate misconfiguration or unauthorized access.

How to connect S3

1. Deploy CloudFormation stack

A read-only IAM role is created in your account. Takes under 5 minutes. Terraform module also available.

2. Enable S3 server access logging

Point your bucket logs to a central logging bucket. reCost Data Flow ingests these: no agents, no sidecars.

3. Configure CloudTrail (optional)

For object-level event tracking, enable CloudTrail data events on your S3 buckets. Provides richer access pattern data.

4. Dashboards live within 24h

Access pattern heatmaps, error rates, and data flow graphs populate automatically as logs are ingested.

Required IAM permissions

s3:GetBucketLogging
s3:GetBucketLocation
s3:GetBucketAcl
s3:GetBucketPolicy
s3:ListBucket (log bucket only)
cloudtrail:LookupEvents

All permissions are read-only. No write access is granted.
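
As an added example (not reCost's own code or template), the following Python check compares a role's policy document against the six actions listed above and flags wildcards, undocumented actions, and s3:ListBucket granted beyond the log bucket. The sample policies and the log bucket ARN are constructed placeholders.

```python
# Added example: audit a role policy against the permission list on this page.
ALLOWED = {a.lower() for a in (
    "s3:GetBucketLogging", "s3:GetBucketLocation", "s3:GetBucketAcl",
    "s3:GetBucketPolicy", "s3:ListBucket", "cloudtrail:LookupEvents")}

def _as_list(value):
    # IAM lets Statement/Action/Resource be a single value or a list.
    return value if isinstance(value, list) else [value]

def audit_policy(policy, log_bucket_arn):
    """Return findings for Allow statements that exceed the documented set."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: NotAction/NotResource is open-ended")
            continue
        resources = _as_list(stmt.get("Resource", []))
        for action in _as_list(stmt.get("Action", [])):
            name = action.lower()  # IAM action names are case-insensitive
            if "*" in name or "?" in name:
                findings.append(f"statement {i}: wildcard action {action}")
            elif name not in ALLOWED:
                findings.append(f"statement {i}: undocumented action {action}")
            elif name == "s3:listbucket" and resources != [log_bucket_arn]:
                findings.append(f"statement {i}: s3:ListBucket not limited to log bucket")
    return findings

# Constructed sample policies; bucket name and ARNs are placeholders.
LOG_BUCKET = "arn:aws:s3:::example-central-logs"
EXPECTED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*", "Action": [
        "s3:GetBucketLogging", "s3:GetBucketLocation",
        "s3:GetBucketAcl", "s3:GetBucketPolicy", "cloudtrail:LookupEvents"]},
    {"Effect": "Allow", "Resource": LOG_BUCKET, "Action": "s3:ListBucket"},
]}
DRIFTED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["s3:Get*", "s3:ListBucket", "s3:PutObject"]},
]}

if __name__ == "__main__":
    for label, doc in (("expected", EXPECTED), ("drifted", DRIFTED)):
        print(label, audit_policy(doc, LOG_BUCKET) or "matches documented set")
```

Run it on the policy rendered from the CloudFormation or Terraform template before deploying. It inspects the statements as written and does not evaluate Condition blocks.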

See exactly what's happening in your S3 data layer

Works with your existing AWS setup. Read-only access. No agents. No data exposure.
