Forwarding Events to AWS S3

Configuring AWS S3 to Receive Avanan Logs

  1. Go to AWS IAM: https://console.aws.amazon.com/iam/home#/home.
  2. Create a new user.
    1. Click Users > Add user.
    2. Enter a user name, set Access type to Programmatic access, and click Next: Permissions.
    3. Click Create Group or select the group if already created.
    4. Click Create policy or select the policy if already created.
    5. On the new tab, click JSON and paste the following policy.
      {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Effect": "Allow",
            "Action": [
              "s3:ListBucket"
            ],
            "Resource": [
              "arn:aws:s3:::YOUR_S3_BUCKET"
            ]
          },
          {
            "Effect": "Allow",
            "Action": [
              "s3:GetObject",
              "s3:GetObjectAcl",
              "s3:PutObject"
            ],
            "Resource": [
              "arn:aws:s3:::YOUR_S3_BUCKET/THE_LOG_FOLDER_IF_ANY/*"
            ]
          }
        ]
      }
    6. Click Review Policy and select the policy you just created.
    7. Enter a name for the policy and click Create policy.
    8. After the policy is created, go back to the previous tab and click Refresh.
    9. On the next screen, select the policy name you created and click Create Policy.
    10. Go back to the Add user screen and confirm that the group you created is selected and then click Next: Tags.
    11. Add the necessary Tags (in accordance with your environment directives) and click Next: Review.
    12. Confirm all the configurations and click Create user.
      Note:
      Download the CSV file or copy the Access Key and Secret access key to a safe location. This information won't be available again.
    13. Click Close.
  3. Click Roles > Create role.
  4. Select Another AWS Account.
  5. Enter the 12-digit number of the user created in step 2 and click Next: Permissions.
    Note:
    To find the 12-digit number, open the user on another screen.
  6. Select the policy created and click Next: Tags.
  7. Add the necessary Tags (in accordance with your environment directives), select a role name and click Create Role.
  8. Search for the role you created and click on its name.
  9. Select Trust relationships and click Edit trust relationship.
  10. Copy the following JSON code and click Update Trust Policy.
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "AWS": "arn:aws:iam::731485868276:user/checkpoint-s3-log-uploader"
          },
          "Action": "sts:AssumeRole",
          "Condition": {
            "StringEquals": {
              "sts:ExternalId": "checkpoint-s3-logs"
            }
          }
        }
      ]
    }
  11. Copy the Role ARN.
    Note:
    This Role ARN is used when configuring SIEM Integration in Avanan.
  12. Log in to Avanan and complete SIEM integration.

    For more details, see Configuring SIEM Integration.

    Note:
    After this integration, Avanan starts sending the logs to the AWS S3 bucket. You have to configure your SIEM platform to receive logs from the AWS S3 bucket.
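
Before handing the Role ARN over, the two JSON documents from this procedure can be checked offline against what the page specifies. The following is an added example, not Avanan or AWS code: the function names are hypothetical, the expected principal, external ID and S3 actions are copied from the policies above, and the weakened trust policy with account ID 111122223333 is a constructed sample.

```python
import json

# Values from the trust policy in step 10 and the permissions policy in step 2.5.
EXPECTED_PRINCIPAL = "arn:aws:iam::731485868276:user/checkpoint-s3-log-uploader"
EXPECTED_EXTERNAL_ID = "checkpoint-s3-logs"
ALLOWED_ACTIONS = {"s3:ListBucket", "s3:GetObject", "s3:GetObjectAcl", "s3:PutObject"}

def as_list(value):
    """IAM allows a single string or a list for Action, Resource and Principal."""
    return value if isinstance(value, list) else [value]

def audit_trust_policy(doc):
    """Findings for a role trust policy; an empty list means it matches step 10."""
    findings = []
    for i, stmt in enumerate(as_list(doc.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        names = ["*"] if principal == "*" else [
            p for v in principal.values() for p in as_list(v)]
        findings += [f"statement {i}: unexpected principal {p}"
                     for p in names if p != EXPECTED_PRINCIPAL]
        if as_list(stmt.get("Action", [])) != ["sts:AssumeRole"]:
            findings.append(f"statement {i}: action is not exactly sts:AssumeRole")
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if as_list(cond.get("sts:ExternalId")) != [EXPECTED_EXTERNAL_ID]:
            findings.append(f"statement {i}: sts:ExternalId missing or different")
    return findings

def audit_permissions_policy(doc, bucket):
    """Findings for the S3 policy: extra actions or resources outside the bucket."""
    findings, arn = [], f"arn:aws:s3:::{bucket}"
    for i, stmt in enumerate(as_list(doc.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        findings += [f"statement {i}: extra action {a}"
                     for a in as_list(stmt.get("Action", [])) if a not in ALLOWED_ACTIONS]
        findings += [f"statement {i}: resource {r} outside bucket"
                     for r in as_list(stmt.get("Resource", []))
                     if r != arn and not r.startswith(arn + "/")]
    return findings

# Constructed sample: a trust policy with the Condition block dropped and the
# principal widened to a whole account (placeholder account ID).
WEAK_TRUST = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
  "Action": "sts:AssumeRole"}]}""")

if __name__ == "__main__":
    for finding in audit_trust_policy(WEAK_TRUST):
        print(finding)
```

Pass the JSON saved from the IAM console through `json.load` and call the matching function; any finding means the document has drifted from the policy shown in this procedure.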