This document covers the device configuration step for ingestion: the AWS permissions needed to get logs from an S3 bucket.
To get logs from an S3 bucket, we require the following access from the customer:
"s3:ListBucket" - Lists all the logs in a bucket, allowing us to keep track of which ones have already been ingested.
"s3:GetObject" - Allows us to download the logs from the bucket.
Sample IAM policy (Only for reference)
To archive data using an S3 bucket, we need to fill in the following details.
Important note
Note that the ListBucket permission is set on the entire bucket, while the resource for the GetObject permission ends with a /* suffix so that we can get files in subdirectories.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [ "s3:ListBucket" ],
      "Resource": [ "arn:aws:s3:::<BUCKET_NAME>" ]
    },
    {
      "Effect": "Allow",
      "Action": [ "s3:GetObject" ],
      "Resource": [ "arn:aws:s3:::<BUCKET_NAME>/*" ]
    }
  ]
}
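A way to check a policy against the scoping described in the note before handing it over. This is an added example, not part of the original document or the vendor's tooling. The function names and the bucket name "example-logs" are hypothetical, and it only inspects Allow statements with exact action names (no Condition or NotAction handling).

```python
import json

# Each action the page requires, and the resource level it applies to.
REQUIRED = {"s3:ListBucket": "bucket", "s3:GetObject": "object"}

def _as_list(value):
    # IAM accepts either a single string/object or a list of them.
    return [value] if isinstance(value, (str, dict)) else list(value)

def audit_policy(policy_json, bucket):
    """Return findings; an empty list means the policy grants exactly the
    two read permissions, each on the resource form described above."""
    arn = f"arn:aws:s3:::{bucket}"
    expected = {"bucket": arn, "object": arn + "/*"}
    findings, granted = [], set()
    for stmt in _as_list(json.loads(policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            if action not in REQUIRED:
                findings.append(f"extra action granted: {action}")
                continue
            for res in _as_list(stmt.get("Resource", [])):
                if res == expected[REQUIRED[action]]:
                    granted.add(action)
                else:
                    findings.append(f"{action} on unexpected resource: {res}")
    for action in sorted(set(REQUIRED) - granted):
        findings.append(
            f"{action} not explicitly granted on {expected[REQUIRED[action]]}")
    return findings

def _policy(*statements):
    # Helper that builds the constructed sample policies below.
    return json.dumps({"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": a, "Resource": r} for a, r in statements]})

# Constructed samples for a hypothetical bucket "example-logs".
GOOD = _policy((["s3:ListBucket"], ["arn:aws:s3:::example-logs"]),
               (["s3:GetObject"], ["arn:aws:s3:::example-logs/*"]))
# Common mistake: both actions on the object ARN, so listing is never allowed.
BAD = _policy((["s3:ListBucket", "s3:GetObject"], "arn:aws:s3:::example-logs/*"))
# Over-broad grant: every S3 action on every resource.
BROAD = _policy(("s3:*", "*"))

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD), ("BROAD", BROAD)):
        print(name, audit_policy(doc, "example-logs") or "ok")
```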