S3
Overview
This document outlines the process for configuring Amazon S3 to receive findings from AlphaSOC. The integration enables you to store and analyze AlphaSOC's findings within your AWS environment.
To receive findings, set up the following AWS resources:
- S3 bucket that stores the findings.
- IAM Role that provides the necessary permissions to put data into the S3 bucket.
To enable this integration, please refer to the Destinations section in the AlphaSOC web console documentation.
Setting IAM Role Permissions
Replace the following placeholders with the appropriate AWS resource identifiers in the policies listed below.
- {{S3_BUCKET_ARN}} - ARN of your S3 bucket
- {{S3_OBJECT_PREFIX}} - S3 object path where findings should be stored
IAM Trust Policy
Define who can assume an IAM role by setting a trust relationship.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::610660487454:role/data-export"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
IAM Role Permissions
Define permissions for accessing an Amazon S3 bucket by creating an inline policy.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "InlinePolicy",
      "Effect": "Allow",
      "Action": ["s3:PutObject", "s3:PutObjectAcl"],
      "Resource": "{{S3_BUCKET_ARN}}/{{S3_OBJECT_PREFIX}}/*"
    }
  ]
}
If AWS KMS encryption is enabled for the Amazon S3 bucket, define additional permissions to allow access to the encrypted resources. Replace the following placeholders with the appropriate AWS resource identifiers.
- {{AWS_REGION}} - AWS region identifier where the encryption key is configured
- {{AWS_ACCOUNT_ID}} - ID of your AWS account
- {{AWS_KEY_ID}} - ID of your AWS KMS key
{
  "Sid": "KMSkey",
  "Effect": "Allow",
  "Action": "kms:GenerateDataKey",
  "Resource": "arn:aws:kms:{{AWS_REGION}}:{{AWS_ACCOUNT_ID}}:key/{{AWS_KEY_ID}}"
}
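The following Python sketch is an added example, not AlphaSOC's own tooling. It substitutes the placeholders above into the inline policy, optionally appends the KMS statement, and rejects values that would break or widen the grant. The function name `render_role_policy` and all sample values are assumptions made for illustration.

```python
import json
import re

# Accepts a plain bucket ARN only: no wildcard, no object path.
BUCKET_ARN_RE = re.compile(r"^arn:aws[a-z-]*:s3:::[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$")


def render_role_policy(bucket_arn, object_prefix, kms_key=None):
    """Build the role's inline policy from the page's placeholder values.

    kms_key is an optional (region, account_id, key_id) tuple.
    Raises ValueError on values that would break or widen the policy.
    """
    if not BUCKET_ARN_RE.match(bucket_arn):
        raise ValueError(f"not a plain S3 bucket ARN: {bucket_arn!r}")
    # S3 keys are literal strings: "prefix//*" does not match "prefix/object",
    # so surrounding slashes are stripped before the value is substituted.
    prefix = object_prefix.strip("/")
    # Choice made in this example: an empty prefix or one containing IAM
    # wildcards (* or ?) is rejected instead of being substituted as-is.
    if not prefix or "*" in prefix or "?" in prefix:
        raise ValueError(f"unusable object prefix: {object_prefix!r}")
    statements = [{
        "Sid": "InlinePolicy",
        "Effect": "Allow",
        "Action": ["s3:PutObject", "s3:PutObjectAcl"],
        "Resource": f"{bucket_arn}/{prefix}/*",
    }]
    if kms_key is not None:
        region, account_id, key_id = kms_key
        if not re.fullmatch(r"\d{12}", account_id):
            raise ValueError(f"AWS account ID must be 12 digits: {account_id!r}")
        if not re.fullmatch(r"[a-z0-9-]+", region) or not re.fullmatch(r"[A-Za-z0-9-]+", key_id):
            raise ValueError("region or key ID contains unexpected characters")
        statements.append({
            "Sid": "KMSkey",
            "Effect": "Allow",
            "Action": "kms:GenerateDataKey",
            "Resource": f"arn:aws:kms:{region}:{account_id}:key/{key_id}",
        })
    return {"Version": "2012-10-17", "Statement": statements}


if __name__ == "__main__":
    # Constructed sample values, not real resources.
    policy = render_role_policy(
        "arn:aws:s3:::example-findings-bucket", "/alphasoc/findings/",
        kms_key=("us-east-1", "111122223333", "1234abcd-12ab-34cd-56ef-1234567890ab"),
    )
    print(json.dumps(policy, indent=2))
```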