S3
Overview
This document outlines the process for configuring Amazon S3 to receive findings from AlphaSOC. The integration enables you to store and analyze AlphaSOC's findings within your AWS environment.
To receive findings, set up the following AWS resources:
- S3 bucket that stores the findings.
- IAM Role that provides the necessary permissions to put data into the S3 bucket.
To enable integration, please provide the following configuration details to AlphaSOC:
- S3 bucket name.
- S3 bucket AWS region.
- S3 object prefix (destination path for storing security analytics data).
- IAM role ARN.
Setting IAM Role Permissions
Replace the following placeholders with the appropriate AWS resource identifiers in the policies listed below.
- {{S3_BUCKET_ARN}}: ARN of your S3 bucket
- {{S3_OBJECT_PREFIX}}: S3 object path where findings should be stored
IAM Trust Policy
Define who can assume an IAM role by setting a trust relationship.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::610660487454:role/data-export"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
IAM Role Permissions
Define permissions for accessing an Amazon S3 bucket by creating an inline policy.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "InlinePolicy",
      "Effect": "Allow",
      "Action": ["s3:PutObject", "s3:PutObjectAcl"],
      "Resource": "{{S3_BUCKET_ARN}}/{{S3_OBJECT_PREFIX}}/*"
    }
  ]
}
If AWS KMS encryption is enabled for the Amazon S3 bucket, define additional permissions to allow access to the encrypted resources. Replace the following placeholders with the appropriate AWS resource identifiers listed below.
- {{AWS_REGION}}: AWS region identifier where the encryption key is configured
- {{AWS_ACCOUNT_ID}}: ID of your AWS account
- {{AWS_KEY_ID}}: ID of your AWS KMS key
{
  "Sid": "KMSkey",
  "Effect": "Allow",
  "Action": "kms:GenerateDataKey",
  "Resource": "arn:aws:kms:{{AWS_REGION}}:{{AWS_ACCOUNT_ID}}:key/{{AWS_KEY_ID}}"
}
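The following is an added example, not AlphaSOC's own tooling: a small Python helper that renders the trust policy and the inline permissions policy above from the placeholder values, appending the KMS statement only when a key is supplied. The function names, the validation rules, and the sample bucket, prefix, account ID and key ID are assumptions made for illustration.

```python
import json
import re

# Principal copied from the trust policy on this page.
ALPHASOC_PRINCIPAL = "arn:aws:iam::610660487454:role/data-export"
BUCKET_ARN_RE = re.compile(r"arn:aws[a-z-]*:s3:::[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]")

def trust_policy():
    """Trust relationship: only the AlphaSOC export role may assume this role."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": ALPHASOC_PRINCIPAL},
        "Action": "sts:AssumeRole",
    }]}

def permissions_policy(bucket_arn, object_prefix, kms=None):
    """Inline policy; kms is an optional (region, account_id, key_id) tuple."""
    if not BUCKET_ARN_RE.fullmatch(bucket_arn):
        raise ValueError(f"not an S3 bucket ARN: {bucket_arn!r}")
    # Strip surrounding slashes so the Resource never contains '//'.
    prefix = object_prefix.strip("/")
    # Added check (assumption): reject empty prefixes and wildcards that widen the grant.
    if not prefix or "*" in prefix or "?" in prefix:
        raise ValueError("object prefix must be non-empty and wildcard-free")
    statements = [{
        "Sid": "InlinePolicy",
        "Effect": "Allow",
        "Action": ["s3:PutObject", "s3:PutObjectAcl"],
        "Resource": f"{bucket_arn}/{prefix}/*",
    }]
    if kms is not None:
        region, account_id, key_id = kms
        if not re.fullmatch(r"\d{12}", account_id):
            raise ValueError("AWS account ID must be 12 digits")
        statements.append({
            "Sid": "KMSkey",
            "Effect": "Allow",
            "Action": "kms:GenerateDataKey",
            "Resource": f"arn:aws:kms:{region}:{account_id}:key/{key_id}",
        })
    return {"Version": "2012-10-17", "Statement": statements}

if __name__ == "__main__":
    # Constructed sample values, not real resources.
    kms = ("us-east-1", "111122223333", "00000000-0000-0000-0000-000000000000")
    policy = permissions_policy("arn:aws:s3:::example-findings-bucket", "/alphasoc/findings/", kms)
    print(json.dumps(trust_policy(), indent=2))
    print(json.dumps(policy, indent=2))
```

The printed JSON documents can be saved to files and attached to the role as its trust relationship and inline policy.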