When configuring an integration to upload your Umbrella logs to your own private Amazon S3 bucket, it is important that you target a bucket that meets both of these conditions:
- The bucket exists in your AWS tenant
- Umbrella has permission to upload to the bucket
When creating the bucket, clients should use the following JSON to configure the bucket policy on the target bucket in AWS. Note that "bucketname" appears in 4 places, and each occurrence should be replaced with the actual name of the bucket.
{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::568526795995:user/logs"
      },
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::bucketname/*"
    },
    {
      "Sid": "",
      "Effect": "Deny",
      "Principal": {
        "AWS": "arn:aws:iam::568526795995:user/logs"
      },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::bucketname/*"
    },
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::568526795995:user/logs"
      },
      "Action": "s3:GetBucketLocation",
      "Resource": "arn:aws:s3:::bucketname"
    },
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::568526795995:user/logs"
      },
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::bucketname"
    }
  ]
}
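One way to fill in the bucket name and confirm that all four statements are correct before applying the policy. This is an added example, not Umbrella's own tooling; the function names and the sample bucket name "example-umbrella-logs" are assumptions, and the check is deliberately strict, so any statement beyond the four above is reported for review.

```python
import json

# Values taken from the policy on this page.
UMBRELLA_PRINCIPAL = "arn:aws:iam::568526795995:user/logs"
# (Effect, Action) -> True when Resource must be object-level (bucket/*).
EXPECTED = {
    ("Allow", "s3:PutObject"): True,
    ("Deny", "s3:GetObject"): True,
    ("Allow", "s3:GetBucketLocation"): False,
    ("Allow", "s3:ListBucket"): False,
}

def _arn(bucket, object_level):
    return f"arn:aws:s3:::{bucket}" + ("/*" if object_level else "")

def build_policy(bucket):
    """Render the page's four statements for a concrete bucket name."""
    return {"Version": "2008-10-17", "Statement": [
        {"Sid": "", "Effect": effect, "Principal": {"AWS": UMBRELLA_PRINCIPAL},
         "Action": action, "Resource": _arn(bucket, object_level)}
        for (effect, action), object_level in EXPECTED.items()]}

def check_policy(policy, bucket):
    """Return a list of problems; an empty list means the policy matches."""
    problems, seen = [], set()
    for i, s in enumerate(policy.get("Statement", [])):
        action = s.get("Action")
        if isinstance(action, list) and len(action) == 1:
            action = action[0]  # IAM accepts a one-element list too
        key = (s.get("Effect"), action)
        if not isinstance(action, str) or key not in EXPECTED:
            problems.append(f"statement {i}: not one of the four expected statements")
            continue
        seen.add(key)
        if s.get("Principal") != {"AWS": UMBRELLA_PRINCIPAL}:
            problems.append(f"statement {i}: principal is not the Umbrella log user")
        if s.get("Resource") != _arn(bucket, EXPECTED[key]):
            problems.append(f"statement {i}: Resource {s.get('Resource')!r} "
                            f"does not match bucket {bucket!r}")
    problems += [f"missing statement: {e} {a}" for e, a in sorted(EXPECTED.keys() - seen)]
    return problems

if __name__ == "__main__":
    bucket = "example-umbrella-logs"  # constructed sample name
    policy = build_policy(bucket)
    print(json.dumps(policy, indent=2))
    print(check_policy(policy, bucket) or "policy OK")
```
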
Full details for configuring the upload of Umbrella logs to a private AWS S3 bucket can be found here.