
Create an S3 bucket and set up a custom role with custom permissions to allow Trend Vision One to connect to your S3 buckets.

The following instructions detail how to create an S3 bucket in AWS, and how to configure a custom role and permissions in the AWS IAM console to allow you to connect to your configured S3 bucket.
Important
The following instructions are valid for the Amazon AWS console, S3 console, and IAM console as of July 2023. If you are using a newer version, refer to the official product/service documentation.

Procedure

  1. Create a new S3 bucket.
    1. Sign in to your AWS management console and navigate to the S3 console.
      You can access the S3 console directly at https://console.aws.amazon.com/s3/.
    2. In the S3 console, click Create bucket.
    3. In the General Configuration section, specify a unique Bucket name.
    4. (Optional) Configure other settings as needed for your security environment.
    5. Click Create bucket.
    6. Find the bucket you created and click the bucket name.
    7. Click the Properties tab.
    8. Copy the bucket Amazon Resource Name (ARN).
  2. Create a role in the AWS IAM console to allow Trend Vision One to connect to your S3 bucket.
    1. In the AWS management console, navigate to the IAM console.
      You can access the IAM console directly at https://console.aws.amazon.com/iam/.
    2. In the IAM console, go to Access management > Roles.
    3. Click Create role.
    4. For Trusted entity type, select Custom trust policy.
      The Custom trust policy section appears.
    5. For Principal, type "AWS": and then the Trust Role ARN: arn:aws:iam::466026206465:role/PROD-TrendV1S3Exporter.
      You can also copy and paste the full line as follows:
      "AWS":"arn:aws:iam::466026206465:role/PROD-TrendV1S3Exporter"
    6. Click Next, then click Next.
    7. In the Name, review, create screen, specify a unique Role name.
    8. Click Create role.
    9. Search for the role you created.
    10. Click the name of the role you created.
    11. Copy the ARN.
  3. Create a policy to allow Trend Vision One to connect to the bucket and role.
    1. In the AWS management console, navigate to the IAM console.
    2. In the IAM console, go to Access management > Policies.
    3. Click Create policy.
    4. In the Specify permissions screen, locate Policy editor.
    5. Click JSON to view the policy code.
    6. Replace the code in the Policy editor with the following JSON format policy:
      {
          "Version": "2012-10-17",
          "Statement": [
              {
                  "Effect": "Allow",
                  "Action": [
                      "s3:PutObject",
                      "s3:ListBucket"
                  ],
                  "Resource": [
                      "your-s3-bucket-arn",
                      "your-s3-bucket-arn/*"
                  ]
              },
              {
                  "Effect": "Allow",
                  "Action": "iam:SimulatePrincipalPolicy",
                  "Resource": "your-role-arn"
              }
          ]
      }
    7. Replace your-s3-bucket-arn on line 11 and line 12 with the bucket ARN for the bucket you created.
    8. Replace your-role-arn on line 18 with the role ARN for the role you created.
      [Figure: example configuration]
    9. Click Next.
    10. In the Review and create screen, specify a unique Policy name.
    11. Click Create policy.
  4. Attach the policy to the role.
    1. In the AWS management console, navigate to the IAM console.
    2. In the IAM console, go to Access management > Roles.
    3. Search for the role you created.
    4. Click the name of the role you created.
    5. Click the Permissions tab.
    6. Click Add permissions, then click Attach policies.
    7. Search for the policy you created.
    8. Select the policy and click Add permissions.
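
The following check is an added example, not part of the Trend Micro documentation: it verifies offline that the role's trust policy names only the Trust Role ARN from step 2 and that the permission policy grants only the actions and resources from step 3, which also catches placeholders left unreplaced. The bucket and role ARNs are constructed sample values, and sts:AssumeRole as the trust action is an assumption taken from the IAM console's default custom trust policy template.

```python
import json
# Trust Role ARN exactly as printed in step 2 of the procedure.
TREND_ROLE_ARN = "arn:aws:iam::466026206465:role/PROD-TrendV1S3Exporter"

def as_list(value):
    # IAM accepts either a single string or a list for these fields.
    return value if isinstance(value, list) else [value]

def check_trust_policy(doc):
    """Flag any statement that trusts something other than the Trend role."""
    findings = []
    for stmt in as_list(doc["Statement"]):
        principal = stmt.get("Principal")
        if principal not in ({"AWS": TREND_ROLE_ARN}, {"AWS": [TREND_ROLE_ARN]}):
            findings.append(f"unexpected principal: {json.dumps(principal)}")
        if as_list(stmt.get("Action")) != ["sts:AssumeRole"]:  # assumed action
            findings.append(f"unexpected action: {stmt.get('Action')}")
    return findings

def check_permission_policy(doc, bucket_arn, role_arn):
    """Flag actions or resources beyond the policy given in step 3."""
    bucket = {bucket_arn, bucket_arn + "/*"}
    expected = {"s3:PutObject": bucket, "s3:ListBucket": bucket,
                "iam:SimulatePrincipalPolicy": {role_arn}}
    findings = []
    for stmt in as_list(doc["Statement"]):
        for action in as_list(stmt["Action"]):
            if action not in expected:
                findings.append(f"undocumented action: {action}")
                continue
            for res in as_list(stmt["Resource"]):
                if res not in expected[action]:
                    findings.append(f"{action} on unexpected resource: {res}")
    return findings

# Constructed sample values, not real resources; UNFILLED keeps the page's placeholders.
BUCKET = "arn:aws:s3:::example-v1-export"
ROLE = "arn:aws:iam::111122223333:role/ExampleV1ExportRole"
TRUST = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": TREND_ROLE_ARN}, "Action": "sts:AssumeRole"}]}
GOOD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:PutObject", "s3:ListBucket"],
     "Resource": [BUCKET, BUCKET + "/*"]},
    {"Effect": "Allow", "Action": "iam:SimulatePrincipalPolicy", "Resource": ROLE}]}
UNFILLED = json.loads(json.dumps(GOOD).replace(BUCKET, "your-s3-bucket-arn")
                      .replace(ROLE, "your-role-arn"))

if __name__ == "__main__":
    print("\n".join(check_permission_policy(UNFILLED, BUCKET, ROLE)))
```

To check a real setup, replace the sample documents with the JSON copied from the role and policy in the IAM console and pass your own bucket and role ARNs.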