VMware Cloud on AWS GovCloud provides access to logs generated by systems in an SDDC. State and federal agencies have varying requirements for audit-level and system-level entries.


Verify the S3ListBucket and GetObject permissions are enabled. For more information, see AWS documentation.


  1. Log in to the AWS console using credentials valid for the AWS Account ID shown on the Connected Amazon VPC page of your SDDC's NSX Manager or Networking & Security page.
  2. Browse to https://console.amazonaws-us-gov.com/s3/buckets/vmc-logs-<org id>/?region=<aws region> .
    You are directed to the S3 bucket.
  3. For CLI access, ensure that IAM access has been granted. For more information, see the AWS documentation.
  4. Once your profile is set, run aws --profile <profile name> s3 ls s3://vmc-logs-<org id>.


After you deploy the SDDC environment, verify that the logs are present in the S3 bucket. To inspect your entries in near-real time, your organization can configure a logging solution which reads from the S3 bucket directly. For more information, see the article Splunk Add-on for AWS.