Bucket policy requirements for destination s3 (for Alerts, Scheduled Queries, CSV and JSON data forwarding)

Bucket policy requirements for destination s3 (for Alerts, Scheduled Queries, CSV and JSON data forwarding)

Following are the bucket policy requirements for destination s3 (for Alerts, Scheduled Queries, CSV and JSON data forwarding)


Uptycs expects the following permissions on the destination bucket

  1. Versioning: We allow  both enabled and disabled

  2. Encryption: We support Server Side Encryption enabled and disabled.

  3. Region:us-west-2

  4. Permissions:

    1. We expect the bucket to have the following permissions for the principal(938922273831)

 

  1. "s3:PutObject",
  2. ”s3:PutObjectAcl”
  3. "s3:GetObject",
  4. "s3:ListBucket",
  5. "s3:AbortMultipartUpload",
  6. "s3:ListBucketMultipartUploads"


         b. The Format of the bucket policy in json should be as follows


*** Replace <bucket name> in lines 15, 16, 37, 38 with your bucket name ***

               

  1. {
  2.     "Version": "2008-10-17",
  3.     "Statement": [
  4.         {
  5.             "Sid": "UptycsS3ExportPolicyStmt",
  6.             "Effect": "Allow",
  7.             "Principal": {
  8.                 "AWS": "arn:aws:iam::938922273831:root"
  9.             },
  10.             "Action": [
  11.                 "s3:PutObject",
  12.                 "s3:PutObjectAcl"
  13.             ],
  14.             "Resource": [
  15.                 "arn:aws:s3:::<bucket name>",
  16.                 "arn:aws:s3:::<bucket name>/*"
  17.             ],
  18.             "Condition": {
  19.                 "StringEquals": {
  20.                     "s3:x-amz-acl": "bucket-owner-full-control"
  21.                 }
  22.             }
  23.         },
  24.         {
  25.             "Sid": "UptycsS3multipartuploadStmt",
  26.             "Effect": "Allow",
  27.             "Principal": {
  28.                 "AWS": "arn:aws:iam::938922273831:root"
  29.             },
  30.             "Action": [
  31.                 "s3:GetObject",
  32.                 "s3:ListBucket",
  33.                 "s3:AbortMultipartUpload",
  34.                 "s3:ListBucketMultipartUploads"
  35.             ],
  36.             "Resource": [
  37.                 "arn:aws:s3:::<bucket name>",
  38.                 "arn:aws:s3:::<bucket name>/*"
  39.             ]
  40.         }
  41.     ]
  42. }


If custom keys are configured for the bucket, following policy needs to be added in addition to the ones above

  1. {
            "Sid": "Allow use of the key",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::111122223333:user/john"
            },
            "Action": [
                "kms:Decrypt",
                "kms:GenerateDataKey"
            ],
            "Resource": "*" 
},

    • Related Articles

    • Export/Import Event,Alert Rules or Saved Queries

      The attached python3 code can be used to export one, several, or all event rules, alert rules, or saved queries.  1. Download the attached zip, unzip it 2. Install requirements: python3 -m pip install requirements.txt 3. Export desired objects to ...

    • Create Jira Tickets from Uptycs Alerts

      This python module allows you to create Jira tickets from Uptycs alerts.  Usage: ./uptjira.py <uptycs_apikey_file> [--domainsuffix <uptycs_domain>] The --domainsuffix flag is only required for uptycs domains other than '.uptycs.io' This python script ...

    • AWS Tag Creation From Uptycs Saved Queries

      aws_tag_from_query.py This script applies AWS tags to resources based on an Uptycs saved query. It uses the AWS Python SDK (boto3).  Usage:   python3 aws_tag_from_query.py <uptycs_apikey_file> [-q <"query name"> | --all] -k <key> [-v <value>] -ec2 ...

    • Okta Configuration

      Overview This document outlines the procedure on how to configure Okta for Uptycs SAML integration Prodedure Pre-requisite(s) Admin access to Okta Enabling and Adding new Application in Okta for Uptycs Following procedure outlines steps with sample ...

    • usql

      usql is a command line SQL client for Uptycs with auto-complete and syntax highlighting features. Pre-requisites for installation Python 2.7 or higher For complete details, refer to the article below ...