Use https://seceonhelp.freshdesk.com/support/login to access updated Knowledge Base Articles, Submit Technical Support Tickets and Review Status of submitted support tickets.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Current »

Overview

This document will help you with the steps to ingest the Device Configuration: AWS Permissions needed for getting logs from S3 Bucket.

Prerequisite

In order to get logs from a S3 bucket, we require below access from customer end:

  1. "s3:ListBucket" - Lists all the logs in a bucket, allowing us to keep track of which ones have already been ingested.

  2. "s3:GetObject" - Allows us to download the logs from the bucket

Sample Steps

Sample IAM policy (Only for reference)

Important note

  • Note that the ListBucket permission is set to the entire bucket and the GetObject permission ends with a /* suffix, so we can get files in subdirectories

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::<BUCKET_NAME>"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::<BUCKET_NAME>/*"
            ]
        }
    ]
}

  • No labels

Seceon Inc. All rights reserved. https://www.seceon.com