ok

content/1-Introduce/_index.md

@@ -28,16 +28,16 @@ Logging Amazon S3 actions with AWS CloudTrail helps keep your account secure by
 
 | Log properties                                                                                       | AWS CloudTrail | Amazon S3 server logs |
 | ---------------------------------------------------------------------------------------------------- | :------------: | :-------------------: |
-| Can be forwarded to other systems (Amazon CloudWatch Logs, Amazon CloudWatch Events)                 |      Yes       |          No           |
-| Deliver logs to more than one destination (for example, send the same logs to two different buckets) |      Yes       |          No           |
-| Turn on logs for a subset of objects (prefix)                                                        |      Yes       |          No           |
-| Cross-account log delivery (target and source bucket owned by different accounts)                    |      Yes       |          No           |
-| Integrity validation of log file by using digital signature or hashing                               |      Yes       |          No           |
-| Default or choice of encryption for log files                                                        |      Yes       |          No           |
-| Object operations (by using Amazon S3 APIs)                                                          |      Yes       |          Yes          |
-| Bucket operations (by using Amazon S3 APIs)                                                          |      Yes       |          Yes          |
-| Searchable UI for logs                                                                               |      Yes       |          No           |
-| Fields for Object Lock parameters, Amazon S3 Select properties for log records                       |      Yes       |          No           |
+| Can be forwarded to other systems (Amazon CloudWatch Logs, Amazon CloudWatch Events)                 |    **Yes**     |          No           |
+| Deliver logs to more than one destination (for example, send the same logs to two different buckets) |    **Yes**     |          No           |
+| Turn on logs for a subset of objects (prefix)                                                        |    **Yes**     |          No           |
+| Cross-account log delivery (target and source bucket owned by different accounts)                    |    **Yes**     |          No           |
+| Integrity validation of log file by using digital signature or hashing                               |    **Yes**     |          No           |
+| Default or choice of encryption for log files                                                        |    **Yes**     |          No           |
+| Object operations (by using Amazon S3 APIs)                                                          |    **Yes**     |        **Yes**        |
+| Bucket operations (by using Amazon S3 APIs)                                                          |    **Yes**     |        **Yes**        |
+| Searchable UI for logs                                                                               |    **Yes**     |          No           |
+| Fields for Object Lock parameters, Amazon S3 Select properties for log records                       |    **Yes**     |          No           |
 
 Amazon Athena is an interactive query service that makes it easy for you to analyze data in Amazon S3 using standard SQL. You do not need to manage any infrastructure with Athena, and you pay only for the queries that you run.
 

content/1-Introduce/_index.vi.md

@@ -24,22 +24,20 @@ Log các hành động của **Amazon S3** bằng **AWS CloudTrail** giúp bảo
 
 ![S3ct](/images/1.introduce/12.png)
 
-<!-- ![S3ct](/images/1.introduce/12.png) -->
-
-**So sánh giữa hai cách**
-
-| Log properties                                                                                       | AWS CloudTrail | Amazon S3 server logs |
-| ---------------------------------------------------------------------------------------------------- | :------------: | :-------------------: |
-| Can be forwarded to other systems (Amazon CloudWatch Logs, Amazon CloudWatch Events)                 |      Yes       |          No           |
-| Deliver logs to more than one destination (for example, send the same logs to two different buckets) |      Yes       |          No           |
-| Turn on logs for a subset of objects (prefix)                                                        |      Yes       |          No           |
-| Cross-account log delivery (target and source bucket owned by different accounts)                    |      Yes       |          No           |
-| Integrity validation of log file by using digital signature or hashing                               |      Yes       |          No           |
-| Default or choice of encryption for log files                                                        |      Yes       |          No           |
-| Object operations (by using Amazon S3 APIs)                                                          |      Yes       |          Yes          |
-| Bucket operations (by using Amazon S3 APIs)                                                          |      Yes       |          Yes          |
-| Searchable UI for logs                                                                               |      Yes       |          No           |
-| Fields for Object Lock parameters, Amazon S3 Select properties for log records                       |      Yes       |          No           |
+**So sánh giữa hai phương án logging**
+
+| Tiêu chí                                                                                       | AWS CloudTrail | Amazon S3 server logs |
+| ---------------------------------------------------------------------------------------------- | :------------: | :-------------------: |
+| Kết hợp với những hệ thống hay service khác (Amazon CloudWatch Logs, Amazon CloudWatch Events) |     **Có**     |         Không         |
+| Gửi log tới một hoặc nhiều destination khác (ví dụ gửi 1 log tới 2 bucket khác nhau)           |     **Có**     |         Không         |
+| Chỉ bật log cho một số object cụ thể (prefix)                                                  |     **Có**     |         Không         |
+| Gửi log xuyên account (bucket khác account)                                                    |     **Có**     |         Không         |
+| Xác thực tính toàn vẹn của log bằng cách sử dụng chữ ký số hoặc hàm băm                        |     **Có**     |         Không         |
+| Mặc định hoặc lựa chọn mã hóa cho log                                                          |     **Có**     |         Không         |
+| Log object operations (sử dụng Amazon S3 APIs)                                                 |     **Có**     |        **Có**         |
+| Log bucket operations (sử dụng Amazon S3 APIs)                                                 |     **Có**     |        **Có**         |
+| Giao diện quản lý log                                                                          |     **Có**     |         Không         |
+| Cho phép Object Lock parameters, Amazon S3 Select chọn log record                              |     **Có**     |         Không         |
 
 Bên cạnh đó, **Amazon Athena** là dịch vụ query tương tác giúp bạn dễ dàng phân tích dữ liệu trong **Amazon S3** bằng SQL tiêu chuẩn. Bạn không cần quản lý bất kỳ cơ sở hạ tầng nào với Athena và bạn chỉ trả tiền cho các truy vấn bạn chạy.
 

content/2-Prerequiste/2.1-2buckets/_index.md

@@ -0,0 +1,51 @@
+---
+title: "Create 2 bucket "
+date: "`r Sys.Date()`"
+weight: 1
+chapter: true
+pre: " <b> 2.1 </b> "
+---
+
+### Create 2 bucket
+
+1. At **AWS Management Console**, find **S3** and select **S3**.
+
+![S3console](/images/2.prerequisite/20.png)
+
+2. At **S3** console, select **Create bucket**.
+
+![CreateBucket](/images/2.prerequisite/21.png)
+
+3. In create bucket steps:
+
+- For **AWS Region**, select **Asia Pacific (Singapore) ap-southeast-1**.
+- For **Bucket name**, insert **`logging-workshop`**.
+
+![CreateBucket](/images/2.prerequisite/22.png)
+
+4. Tiếp tục:
+
+- For **Block Public Access settings for this bucket**, untick **Block all public access**.
+- For **Turning off block all public access might result in this bucket and the objects within becoming public**, confirm this.
+
+![CreateBucket](/images/2.prerequisite/23.png)
+
+5. Scroll down, select **Create bucket**.
+
+![CreateBucket](/images/2.prerequisite/24.png)
+
+6. Confirm bucket is created successfully.
+
+![CreateBucket](/images/2.prerequisite/25.png)
+
+7. Continue creating bucket **logging-workshop-destination**
+
+- For **AWS Region**, select **Asia Pacific (Singapore) ap-southeast-1**.
+- For **Bucket name**, insert **`logging-workshop-destination`**.
+- No need to untick **Block Public Access settings for this bucket**.
+- Scroll down, select **Create bucket**.
+- Confirm bucket is created successfully.
+
+![CreateBucket](/images/2.prerequisite/39.png)
+![CreateBucket](/images/2.prerequisite/40.png)
+![CreateBucket](/images/2.prerequisite/41.png)

content/2-Prerequiste/2.1-2buckets/_index.vi.md

@@ -0,0 +1,51 @@
+---
+title: "Tạo 2 bucket"
+date: "`r Sys.Date()`"
+weight: 1
+chapter: true
+pre: " <b> 2.1 </b> "
+---
+
+### Tạo 2 bucket
+
+1. Truy cập vào **AWS Management Console**, tìm **S3** và chọn **S3**.
+
+![S3console](/images/2.prerequisite/20.png)
+
+2. Trong giao diện **S3**, chọn **Create bucket**.
+
+![CreateBucket](/images/2.prerequisite/21.png)
+
+3. Trong giao diện create bucket:
+
+- Mục **AWS Region**, chọn **Asia Pacific (Singapore) ap-southeast-1**.
+- Mục **Bucket name**, nhập **`logging-workshop`**.
+
+![CreateBucket](/images/2.prerequisite/22.png)
+
+4. Tiếp tục:
+
+- Mục **Block Public Access settings for this bucket**, bỏ chọn **Block all public access**.
+- Mục **Turning off block all public access might result in this bucket and the objects within becoming public**, xác nhận mục này.
+
+![CreateBucket](/images/2.prerequisite/23.png)
+
+5. Kéo xuống dưới cùng, chọn **Create bucket**.
+
+![CreateBucket](/images/2.prerequisite/24.png)
+
+6. Xác nhận bucket đã được tạo thành công.
+
+![CreateBucket](/images/2.prerequisite/25.png)
+
+7. Tiếp tục tạo bucket **logging-workshop-destination**
+
+- Mục **AWS Region**, chọn **Asia Pacific (Singapore) ap-southeast-1**.
+- Mục **Bucket name**, nhập **`logging-workshop-destination`**.
+- Không cần bỏ chọn mục **Block Public Access settings for this bucket**.
+- Kéo xuống dưới cùng, chọn **Create bucket**.
+- Xác nhận bucket đã được tạo thành công.
+
+![CreateBucket](/images/2.prerequisite/39.png)
+![CreateBucket](/images/2.prerequisite/40.png)
+![CreateBucket](/images/2.prerequisite/41.png)

content/2-Prerequiste/2.2-permission/_index.md

@@ -0,0 +1,32 @@
+---
+title: "Update logging permission "
+date: "`r Sys.Date()`"
+weight: 2
+chapter: true
+pre: " <b> 2.2 </b> "
+---
+
+### Cập nhật quyền tạo log cho S3 log delivery group
+
+1. Return to bucket console, select bucket **logging-workshop-destination**. Scroll down to section **Object Ownership**, select **Edit**
+
+![CreateBucket](/images/2.prerequisite/41-5.png)
+![CreateBucket](/images/2.prerequisite/42.png)
+
+2.  Select **ACLs enabled**, confirm **I acknowledge that ACLS will be restored.**, select **Save changes**. This will make everythin in the **Access control list (ACL)** can create object.
+
+![CreateBucket](/images/2.prerequisite/43.png)
+
+3. Scroll down to section **Access control list (ACL)**, select **Edit**.
+
+![CreateBucket](/images/2.prerequisite/44.png)
+
+4. At **S3 log delivery group**, select **Write**, then **Save changes**.
+
+![CreateBucket](/images/2.prerequisite/45.png)
+
+5. Confrim **Write** for **S3 log delivery group**.
+
+![CreateBucket](/images/2.prerequisite/46.png)
+
+6.  Return to bucket console.

content/2-Prerequiste/2.2-permission/_index.vi.md

@@ -0,0 +1,32 @@
+---
+title: "Cập nhật quyền tạo log"
+date: "`r Sys.Date()`"
+weight: 2
+chapter: true
+pre: " <b> 2.2 </b> "
+---
+
+### Cập nhật quyền tạo log cho S3 log delivery group
+
+1. Quay về giao diện các bucket, chọn bucket **logging-workshop-destination**. Kéo xuống mục **Object Ownership**, chọn **Edit**
+
+![CreateBucket](/images/2.prerequisite/41-5.png)
+![CreateBucket](/images/2.prerequisite/42.png)
+
+2.  Chọn **ACLs enabled**, xác nhận **I acknowledge that ACLS will be restored.**, nhấn **Save changes**. Bước này sẽ giúp những đối tượng trong **Access control list (ACL)** ngoài bucket owner có quyền tạo object.
+
+![CreateBucket](/images/2.prerequisite/43.png)
+
+3. Sau đó kéo xuống mục **Access control list (ACL)**, chọn **Edit**.
+
+![CreateBucket](/images/2.prerequisite/44.png)
+
+4. Tại mục **S3 log delivery group**, chọn quyền **Write**, sau đó **Save changes**.
+
+![CreateBucket](/images/2.prerequisite/45.png)
+
+5. Xác nhận quyền **Write** cho **S3 log delivery group**.
+
+![CreateBucket](/images/2.prerequisite/46.png)
+
+6. Trở vê giao diện các bucket.

content/2-Prerequiste/2.3-upload/_index.md

@@ -0,0 +1,34 @@
+---
+title: "Upload file to S3 bucket "
+date: "`r Sys.Date()`"
+weight: 3
+chapter: true
+pre: " <b> 2.3 </b> "
+---
+
+### Upload file vào bucket
+
+1. Select bucket **logging-workshop**. Then, select **Upload**.
+
+![CreateBucket](/images/2.prerequisite/26.png)
+
+2. Select **Add files**.
+
+![CreateBucket](/images/2.prerequisite/27.png)
+
+3. Then:
+
+- Download **S3_logging_workshop.txt** here {{%attachments  pattern=".txt"/%}}
+
+{{% notice note %}}
+Open in a new tab, **Ctrl + S** to save the file to your local.
+{{% /notice %}}
+
+- confirm the file is selected
+- Select **Upload**.
+
+![CreateBucket](/images/2.prerequisite/28.png)
+
+4. Confirm uploaded successfully.
+
+![CreateBucket](/images/2.prerequisite/29.png)

content/2-Prerequiste/2.3-upload/_index.vi.files/S3_logging_workshop.txt

@@ -0,0 +1 @@
+This is S3 Logging Workshop FCJ.

content/2-Prerequiste/2.3-upload/_index.vi.md

@@ -0,0 +1,34 @@
+---
+title: "Upload file vào bucket"
+date: "`r Sys.Date()`"
+weight: 3
+chapter: true
+pre: " <b> 2.3 </b> "
+---
+
+### Upload file vào bucket
+
+1. Chọn bucket **logging-workshop**. Trong giao diện bucket, chọn **Upload**.
+
+![CreateBucket](/images/2.prerequisite/26.png)
+
+2. Trong giao diện upload, chọn **Add files**.
+
+![CreateBucket](/images/2.prerequisite/27.png)
+
+3. Tiếp tục:
+
+- Tải xuống file **S3_logging_workshop.txt** tại {{%attachments  pattern=".txt"/%}}
+
+{{% notice note %}}
+Bạn hãy mở file trong tab mới, nhấn **Ctrl + S** để lưu file về máy.
+{{% /notice %}}
+
+- Xác nhận file đã chọn thành công.
+- Chọn **Upload**.
+
+![CreateBucket](/images/2.prerequisite/28.png)
+
+4. Xác nhận file đã được tải lên thành công.
+
+![CreateBucket](/images/2.prerequisite/29.png)

content/2-Prerequiste/2.4-policy/_index.md

@@ -0,0 +1,47 @@
+---
+title: "Edit policy "
+date: "`r Sys.Date()`"
+weight: 4
+chapter: true
+pre: " <b> 2.4 </b> "
+---
+
+### Thêm policy cho bucket
+
+1. In **S3** console, select **logging-workshop** bucket.
+
+![CreateBucket](/images/2.prerequisite/30.png)
+
+2. Select **Permissions** tab.
+
+![CreateBucket](/images/2.prerequisite/31.png)
+
+3. for **Bucket policy**, select **Edit**.
+
+![CreateBucket](/images/2.prerequisite/32.png)
+
+4. Insert:
+
+```json
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": "*",
+      "Action": "s3:GetObject",
+      "Resource": "arn:aws:s3:::logging-workshop/*"
+    }
+  ]
+}
+```
+
+![CreateBucket](/images/2.prerequisite/33.png)
+
+5. Chọn **Save changes**
+
+![CreateBucket](/images/2.prerequisite/34.png)
+
+6. Confirm updated successfully
+
+![CreateBucket](/images/2.prerequisite/35.png)