Forwarding Events to AWS S3
Configuring AWS S3 to Receive Avanan Logs
- Go to AWS IAM: https://console.aws.amazon.com/iam/home#/home.
- Create a new user.
- Click Users > Add user.
- Select a user name, enable Access Type as Programmatic access and click Next: Permissions.
- Click Create Group or select the group if already created.
- Click Create policy or select the policy if already created.
- On the new tab, click JSON and copy this over.
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Action": [
          "s3:ListBucket"
        ],
        "Resource": [
          "arn:aws:s3:::YOUR_S3_BUCKET"
        ]
      },
      {
        "Effect": "Allow",
        "Action": [
          "s3:GetObject",
          "s3:GetObjectAcl",
          "s3:PutObject"
        ],
        "Resource": [
          "arn:aws:s3:::YOUR_S3_BUCKET/THE_LOG_FOLDER_IF_ANY/*"
        ]
      }
    ]
  }
- Click Review Policy and select the policy you just created.
- Enter the required name for the policy and click Create policy.
- After the policy is created, go back to the previous tab and click Refresh.
- On the next screen, select the policy name you created and click Create Policy.
- Go back to the Add user screen and confirm that the group you created is selected and then click Next: Tags.
- Add the necessary Tags (in accordance with your environment directives) and click Next: Review.
- Confirm all the configurations and click Create user.
  Note: Download the CSV file or copy the Access Key and Secret access key to a safe location. This information won't be available again.
- Click Close.
- Click Users > Add user.
- Click Roles > Create role.
- Select Another AWS Account.
- Insert the 12-digit number of the user created in step 2 and click Next: Permissions.
  Note: To find the 12-digit number, open the user on another screen.
- Select the policy created and click Next: Tags.
- Add the necessary Tags (in accordance with your environment directives), select a role name and click Create Role.
- Search for the role you created and click on its name.
- Select Trust relationships and click Edit trust relationship.
- Copy the following JSON code and click Update Trust Policy.
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Principal": {
          "AWS": "arn:aws:iam::731485868276:user/checkpoint-s3-log-uploader"
        },
        "Action": "sts:AssumeRole",
        "Condition": {
          "StringEquals": {
            "sts:ExternalId": "checkpoint-s3-logs"
          }
        }
      }
    ]
  }
- Copy the Role ARN.
  Note: This Role ARN is used while configuring SIEM Integration in Avanan.
- Log in to Avanan and complete SIEM integration.
  For more details, see Configuring SIEM Integration.
  Note: After this integration, Avanan starts sending the logs to the AWS S3 bucket. You have to configure your SIEM platform to receive logs from the AWS S3 bucket.
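
The two JSON documents in this procedure are edited by hand, so the Python below (an added example, not part of the Avanan documentation) fills in the permission policy for a bucket with or without a log folder and checks a role trust policy against the principal and sts:ExternalId shown on this page. The function names and the bucket name `example-logs` are assumptions made for the example.

```python
import json

# Principal and external ID copied from the trust policy on this page.
EXPECTED_PRINCIPAL = "arn:aws:iam::731485868276:user/checkpoint-s3-log-uploader"
EXPECTED_EXTERNAL_ID = "checkpoint-s3-logs"


def build_bucket_policy(bucket, log_folder=""):
    """Fill in the page's permission policy for a bucket and optional log folder."""
    prefix = log_folder.strip("/")
    suffix = f"{prefix}/*" if prefix else "*"  # no folder -> bucket/*, never bucket//*
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": ["s3:ListBucket"],
             "Resource": [f"arn:aws:s3:::{bucket}"]},
            {"Effect": "Allow",
             "Action": ["s3:GetObject", "s3:GetObjectAcl", "s3:PutObject"],
             "Resource": [f"arn:aws:s3:::{bucket}/{suffix}"]},
        ],
    }


def as_list(value):
    """IAM accepts a single value or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]


def trust_policy_findings(policy):
    """Return problems found in a role trust policy; an empty list means it matches.
    A bare "*" principal or a non-AWS principal type is reported, not accepted."""
    findings = []
    allows = [s for s in as_list(policy.get("Statement", []))
              if s.get("Effect") == "Allow"
              and "sts:AssumeRole" in as_list(s.get("Action", []))]
    if not allows:
        findings.append("no Allow statement for sts:AssumeRole")
    for stmt in allows:
        principal = stmt.get("Principal", {})
        names = as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        if names != [EXPECTED_PRINCIPAL]:
            findings.append(f"unexpected principal(s): {names}")
        ext = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if ext != EXPECTED_EXTERNAL_ID:
            findings.append("sts:ExternalId condition missing or different")
    return findings


if __name__ == "__main__":
    # "example-logs" and "avanan" are constructed sample names.
    print(json.dumps(build_bucket_policy("example-logs", "avanan"), indent=2))
```

Run `trust_policy_findings` on the JSON saved from the role's Trust relationships tab before handing the Role ARN to Avanan.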