# Enable DNS query logging in AWS
{% hint style="info" %}
**📘It is recommended to create a new S3 bucket to be used only for DNS query log storage**
{% endhint %}
See our [Create S3 bucket](/quick-start/quickstart-aws/create-s3-bucket.md) steps.
1. Navigate to Route53 in the AWS console
2. Under **Resolver** in the sidebar, click **Query logging**
3. Click **Configure query logging**
4. Enter a name
5. Select **S3 bucket**
6. Enter the S3 URI to the S3 bucket to send your DNS query logs
7. Click **Add VPC**
8. Check the box of the VPCs to log DNS queries for, then click **Add**
9. Save the **VPC ID** as you'll need this later in Netography Fusion.
10. Click **Configure query logging** at the bottom of the page to save.
## Add the S3 bucket storing DNS query logs to your policy
We need to update the policy created in the [Create IAM policy](/quick-start/quickstart-aws/create-iam-policy.md) step to add your S3 bucket storing DNS query logs.
1. From the IAM policies page, search for your policy name, then click the + to expand it.
2. Click the **Edit** button
3. Add two new S3 entries for your DNS query logs S3 bucket, make sure you're following JSON format with proper comma syntax.
4. Click **Next**
5. Click **Save changes**
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.fusion.vectra.ai/quick-start/quickstart-aws/enable-dns-query-logging-in-aws.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.