AWS S3 Integration via API

Overview

To view AWS S3 logs through the Logsign Unified SecOps Platform product, you will need to perform some configuration.

First, enter the connection you have for AWS S3 and open the interface. You are expected to be an authorized user who can access the administration panel and take action.

 

Prerequisites

  • Logsign Unified SecOps Platform 6.4.30+ versions support this integration.

 

Configure On AWS S3

Sign in to your AWS account
Go to the IAM (Identity and Access Management) service. You can find it by typing “IAM” in the search bar in the AWS Management Console.

IAM Select.png

Next we need to create a user.
Click on Users from the left side menu.On the page that opens, click the Add users button in the upper right corner.

create user.png

During or after the user creation phase, it is necessary to give permission by entering it. At this permission granting stage, you need to select the 'Attach policies directly' option and type and select 'AmazonS3ReadOnlyAccess'.

add permission.png

We need to log in to the account we created and click on the Create access key tab that appears on the incoming screen.

create access key.png

Then we need to take note of the AccessKey and SecretKey information given to us in the light of the information we have created. We will make the API connection with this information.

secretkey accesskey.png
After creating a user and getting an API key, we need to make arrangements related to our S3 service.

 

We switch to AWS Management Console again.
Go to the S3 service (type “S3” in the search bar and click).

S3 Select.png

We need to create a bucket, for this we need to click on the Create bucket option on the top right.

bucket create first page.png

Bucket name: Decide on the bucket name. Each bucket name must be unique worldwide. So you cannot use a bucket name that someone else is using. For example: my-first-bucket-12345.

bucket create details.png

AWS Region: Choose which region to host the bucket in. This determines in which data center the data will be physically held. For example, you can choose a region like EU (Frankfurt) or US East (N. Virginia). When choosing the region, it is recommended to choose a region that is close to where most users are located, as this reduces latency and increases data access speed.

 

After creating the bucket, we need to configure the settings.

 

Block Public Access settings for this bucket

AWS S3 blocks all public access by default on newly created buckets as a security measure.

It is recommended to leave all settings disabled, because making this bucket publicly accessible can pose security risks.

 

You can use the encryption method by default.

By checking Enable, you can choose one of the default encryption methods offered in AWS S3 (for example, SSE-S3 or SSE-KMS).

 

Versioning - This field is very important.

Bucket versioning: If you want to keep a history of the files in the bucket, you can enable versioning. This way you can access older versions of the files.

bucket versioning close.png

NOTE: You must disable this setting.

 

After you have made all the settings, click on the Create bucket button at the bottom of the screen. That's it! You have now created an S3 bucket.

bucket selection and edit.png
Once inside the bucket, go to the Properties tab from the tabs above.

bucket properties.png
On the Properties tab, scroll down and find the Server Access Logging section.

server access logging opening.png

In this section, click the Edit button on the right side.
We enable logging at this stage.

server access logging.png

Check the Enable logging option.
Target bucket: Here you need to specify the bucket where the logs will be saved. You should select the bucket you just created here. For example, logging-bucket.


You should also select the log format as shown.

log format.png

Add Bucket Policy

 

You need to add a policy to the bucket where the logs will be saved to allow AWS to write the logs to this bucket. Let's give additional permission to this bucket with the following policy.

 

On the Permissions tab, go to Bucket Policy and add the following bucket policy.

This policy provides the necessary permission for S3 to write logs to the bucket (logging-bucket).

Ekran Resmi 2024-09-24 11.04.02.png

You need to add the field below to the information in this field.

{
"Version": "2012-10-17",
"Id": "S3-Console-Auto-Gen-Policy-1726843681672",
"Statement": [
{
"Sid": "S3PolicyStmt-DO-NOT-MODIFY-1726843681434",
"Effect": "Allow",
"Principal": {
"Service": "logging.s3.amazonaws.com"
},
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::bucketnameherelogsign/*",
"Condition": {
"StringEquals": {
"aws:SourceAccount": "515966492387"
}
}
}
]
}

Integration via Logsign Unified SecOps Platform

Log into Logsign Unified SecOps Platform and then click on the Settings option in the top menu. In the window that opens, click on ‘Data Collection’ on the left side to view the sources you have added to Logsign Unified SecOps Platform. Click on the ’ + Device ’ option on the right side to begin the process of adding a source.

 

After selecting AccessKey, SecretKey and Region, we need to click 'Check Connection' and wait a bit. The first region we select is the region to which our AWS account is connected.

Ekran Resmi 2024-09-23 17.26.03.png

Ekran Resmi 2024-09-23 17.26.29.png

Ekran Resmi 2024-09-23 17.26.49.png

Then the bucket list will be loaded when Check Connection is complete. Here we need to select the name of the bucket we want to log and then select the region.

Logsign Unified SecOps Platform

After the operations, the source is registered and the logs generated in the source are sent to Logsign Unified SecOps Platform.

Was this article helpful?
0 out of 0 found this helpful

Articles in this section

See more
Become a Certified Logsign User/Administrator
Sign-up for Logsign Academy and take the courses to learn about Logsign USO Platform in detail. Enjoy the courses, and get your badges and certificates. In these courses, you'll learn how to use Logsign in your work and add value to your career.
Visit Our Blog
Our Logsign USO Platform illustrate our expertise. So do the blog. Through our blog posts, deepen your knowledge on various SecOps topics or get updated about important news & modern approaches for cybersecurity. Get into the habit of reading valuable information provided by Logsign. Be a step ahead.