Amazon S3

Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance.

Prerequisites

  • Ensure that the IAM user has the necessary permissions to access the S3 bucket.

  • Harmony SASE uses these IP addresses to deliver SIEM logs:

    • US tenant:

      • 44.199.0.186

      • 44.198.227.127

      • 50.19.134.176

      • 23.20.83.77

      • 54.85.165.134

    • EU tenant:

      • 52.50.186.78

      • 79.125.50.175

      • 34.246.127.40

Configuring the Integration in the AWS Management Console

Step 1 - Creating a New Bucket

  1. Log in to the AWS Management Console.

  2. Go to AWS Services and select S3.

  3. Click Create Bucket.

    The Create bucket window appears.

  4. In the Bucket name field, enter the name of the bucket.

    The name must contain letters only. Hyphen (-) and period (.) are not supported.

  5. In the Region field, enter the region where Amazon S3 creates buckets. Select the AWS region geographically nearest to you.

  6. Select or clear the Block all public access checkbox according to your company policy. It is selected by default.

  7. In Advanced settings > Object Lock, select Disable.

  8. Click Create bucket.

Step 2 - Creating a New IAM Policy

Important - You can grant the user full access to your S3 buckets (by attaching the appropriate AWS managed policy) or create a new policy that applies only to the Harmony SASE bucket. If you grant full access, skip this procedure.

  1. Log in to the AWS Management Console.

  2. Open the AWS Identity and Access Management (IAM) dashboard.

  3. Go to the Policies tab and click Create policy.

  4. Paste this snippet as a JSON file. Replace test with the bucket name.

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": "s3:*",
                "Resource": "arn:aws:s3:::test"
            },
            {
                "Effect": "Allow",
                "Action": "s3:*",
                "Resource": "arn:aws:s3:::test/*"
            }
        ]
    }

    Important - For a full list of permissions granted, see permissions. To restrict the list of permissions, add the highlighted text to the syntax. As in the snippet above, replace test with the bucket name.

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "s3:ListBucket",
                    "s3:GetBucketLocation"
                ],
                "Resource": ["arn:aws:s3:::test"]
            },
            {
                "Effect": "Allow",
                "Action": [
                    "s3:PutObject",
                    "s3:GetObject",
                    "s3:DeleteObject"
                ],
                "Resource": ["arn:aws:s3:::test/*"]
            }
        ]
    }

  5. Click Review policy.

    The Review policy window appears.

  6. Enter these:

    1. Name: Name of the policy.

    2. (Optional) Description

  7. Click Create policy.
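
Added example (not part of the Check Point documentation): a Python sketch that generates the restricted policy from this step with an aws:SourceIp condition built from the Prerequisites IP list, and audits a policy for wildcard actions or a missing source-IP restriction. It assumes every Harmony SASE request to the bucket, including the Validate check, originates from those addresses; build_policy and audit are hypothetical helper names.

```python
import json

# Source IPs copied from the Prerequisites list on this page.
HARMONY_SASE_IPS = {
    "US": ["44.199.0.186", "44.198.227.127", "50.19.134.176",
           "23.20.83.77", "54.85.165.134"],
    "EU": ["52.50.186.78", "79.125.50.175", "34.246.127.40"],
}
BUCKET_ACTIONS = ["s3:ListBucket", "s3:GetBucketLocation"]
OBJECT_ACTIONS = ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"]
# The full-access snippet from step 4, used here as audit input.
PAGE_FULL_ACCESS_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "arn:aws:s3:::test"},
    {"Effect": "Allow", "Action": "s3:*", "Resource": "arn:aws:s3:::test/*"}]}

def build_policy(bucket, tenant):
    """Restricted policy from this page plus a source-IP condition (assumption)."""
    cond = {"IpAddress": {"aws:SourceIp": [ip + "/32" for ip in HARMONY_SASE_IPS[tenant]]}}
    arn = "arn:aws:s3:::" + bucket
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": BUCKET_ACTIONS, "Resource": [arn], "Condition": cond},
        {"Effect": "Allow", "Action": OBJECT_ACTIONS, "Resource": [arn + "/*"], "Condition": cond}]}

def audit(policy):
    """Return (statement index, finding) pairs for overly broad Allow statements."""
    findings = []
    for i, st in enumerate(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        actions = st.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        wild = [a for a in actions if "*" in a]
        if wild:
            findings.append((i, "wildcard action: " + ", ".join(wild)))
        if "aws:SourceIp" not in st.get("Condition", {}).get("IpAddress", {}):
            findings.append((i, "no aws:SourceIp restriction"))
    return findings

if __name__ == "__main__":
    print(audit(PAGE_FULL_ACCESS_POLICY))
    print(json.dumps(build_policy("test", "US"), indent=2))
```

After attaching a policy generated this way, run Validate in the Harmony SASE portal to confirm the source-IP assumption holds for your tenant.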

Step 3 - Creating an AWS User

  1. Log in to the AWS Management Console.

  2. Open the AWS Identity and Access Management (IAM) dashboard.

  3. Go to the Users tab and click Create user.

  4. In the Username field, enter a name.

    Click Next.

  5. Click Attach policies directly and select the policy you created earlier.

    If you have granted full access, then select the S3 full access AWS managed policy.

  6. Click Next.

Step 4 - Creating an AWS Access Key

  1. Log in to the AWS Management Console.

  2. Open the AWS Identity and Access Management (IAM) dashboard.

  3. Go to the Users tab and select the user you have created.

  4. Click the Security credentials tab.

  5. Scroll down to Access keys and click Create access key.

  6. Select Application running outside AWS and click Next.

  7. Select Create access key.

  8. Description tag is optional.

  9. Copy the Secret access key and the Access key.

  10. Click Done.

Configuring the Amazon S3 Integration in the Harmony SASE Administrator Portal

  1. Access the Harmony SASE Administrator Portal and click Settings > Integrations.

  2. In the SIEM integrations section, in the Amazon S3 row, click Add.

    The Amazon S3 window appears.

  3. In the Access Key ID field, enter the Access key copied from AWS console.

  4. In the Secret Access Key field, enter the Secret access key copied from AWS console.

  5. In the Bucket field, enter the Amazon S3 bucket name (for example, for arn:aws:s3:::test, the bucket name is test).

  6. In the Bucket region field, enter the region selected when you created the Amazon S3 bucket.

  7. Click Validate.

Troubleshooting

Status message               | Action required
Success                      | None
S3_INVALID_ACCESS_KEY_ID     | Make sure you copied the correct access key ID.
S3_INVALID_SECRET_ACCESS_KEY | Make sure you copied the correct secret access key.
S3_INVALID_BUCKET            | Make sure the Bucket name in Harmony SASE matches the Bucket name in Amazon S3 (case sensitive).
S3_ACCESS_DENIED_BUCKET      | The IAM user does not have the required access permissions to the bucket. Make sure to attach the appropriate policy.