Introduction
This document describes how to resolve failed uploads of Umbrella logs to Amazon S3 buckets.
Prerequisites
When integrating Umbrella to upload logs to a private Amazon S3 bucket, ensure that you target a bucket that meets both requirements:
- The bucket exists in the AWS tenant.
- Umbrella has permission to upload to the bucket.
How to Configure the Bucket Policy in AWS
When creating the bucket, JSON can be used to configure the bucket policy on the target bucket in AWS. Note that anywhere "bucketname" is (4 places) it must be replaced with the actual name of the bucket.
{
"Version": "2008-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::568526795995:user/logs"
},
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::bucketname/*"
},
{
"Sid": "",
"Effect": "Deny",
"Principal": {
"AWS": "arn:aws:iam::568526795995:user/logs"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::bucketname/*"
},
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::568526795995:user/logs"
},
"Action": "s3:GetBucketLocation",
"Resource": "arn:aws:s3:::bucketname"
},
{ "Sid": "",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::568526795995:user/logs"
},
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::bucketname"
}
]
}
Full details for configuring the upload of Umbrella logs to a private AWS S3 bucket can be found in the Umbrella documentation.
Feedback