Posture Control (DSPM)

Integrating with Amazon S3

You can integrate DSPM with Amazon Simple Storage Service (Amazon S3). This integration enables DSPM to send the alert data logs of your cloud resources to the Amazon S3 buckets for storage.

Only users with the admin role can configure a cloud storage integration.

To integrate DSPM with Amazon S3:

  1. Go to Administration > Integrations.
  2. Click Add for cloud storage integration.

  3. On the Add Integration page:

    1. For Integration Name, enter a unique name for the integration.
    2. For Cloud Storage, select Amazon S3.

  4. Click Next.
  5. Under Cloud Storage, complete the following steps to set up the permissions required by DSPM to access the Amazon S3 bucket.

  6. For Amazon S3 Bucket Name, enter the bucket name where the data must be stored.
  7. Click the Copy icon to copy the S3 Bucket policy. The policy authorizes DSPM to access the S3 bucket. You need to paste this policy in the AWS console.
  8. Sign in to the AWS Management Console.
    1. Access the required bucket where you want to apply the bucket policy.
    2. Select Permissions.
    3. Under Bucket policy, click Edit.
    4. On the Edit bucket policy page, paste the S3 bucket policy you copied earlier, then click Save changes.

  9. In the DSPM Admin Portal, enter the Folder Location of the bucket.
  10. Before testing the connection, check the encryption type that is applied to the S3 bucket.
    1. On the AWS Management Console, select the Properties tab, then scroll down to Default encryption.
    2. Select Amazon S3 managed keys (SSE-S3) as the encryption key type. This type is required for the connection to succeed and for the subsequent data transfer.

      If you select AWS Key Management Service (SSE-KMS), the connection fails.

  11. Click Test Connection to check if the connection is established between DSPM and Amazon S3 service. A message is displayed to indicate the connection is successful.
  12. Click Next.
  13. Review the integration summary. Click the Edit icon if you want to make any changes.

  14. Click Finish.

You can see the integration details on the Integrations page. The initial status is Pending because no data has been sent to the Amazon S3 bucket yet. For DSPM to send the data logs, you must first configure alert rules and associate them with this integration. After DSPM sends the data logs to the Amazon S3 bucket, the status changes to Success.
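Before pasting the copied policy (step 8) and clicking Test Connection (step 11), you can review both inputs offline. The following is an added example, not DSPM or AWS code: it checks that a bucket's default encryption is SSE-S3 and that a bucket policy's Allow statements stay within the named bucket and do not grant an unconditioned wildcard principal. The bucket name, account ID, role name, action and both policies are constructed placeholders, not the policy DSPM generates.

```python
import json

BUCKET = "example-dspm-alert-logs"  # constructed bucket name

# Constructed responses in the shape returned by `aws s3api get-bucket-encryption`.
def _enc(algorithm):
    rule = {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": algorithm}}
    return json.dumps({"ServerSideEncryptionConfiguration": {"Rules": [rule]}})

SSE_S3, SSE_KMS = _enc("AES256"), _enc("aws:kms")

# Constructed policies; the real one is whatever the DSPM Admin Portal gives you to copy.
def _policy(principal, resource):
    stmt = {"Effect": "Allow", "Principal": principal,
            "Action": "s3:PutObject", "Resource": resource}
    return json.dumps({"Version": "2012-10-17", "Statement": [stmt]})

SCOPED = _policy({"AWS": "arn:aws:iam::111122223333:role/example-writer"},
                 f"arn:aws:s3:::{BUCKET}/*")
BROAD = _policy("*", "arn:aws:s3:::*")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def encryption_findings(encryption_json):
    """Step 10: default encryption must be SSE-S3, which the API reports as AES256."""
    config = json.loads(encryption_json).get("ServerSideEncryptionConfiguration", {})
    algorithms = [r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm")
                  for r in config.get("Rules", [])]
    if not algorithms:
        return ["no default encryption rule found"]
    return [f"default encryption is {a}; the integration requires SSE-S3 (AES256)"
            for a in algorithms if a != "AES256"]

def policy_findings(policy_json, bucket):
    """Step 8: flag Allow statements broader than the one bucket being integrated."""
    prefix, findings = f"arn:aws:s3:::{bucket}", []
    for i, stmt in enumerate(_as_list(json.loads(policy_json).get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        who = stmt.get("Principal")
        wildcard = who == "*" or (isinstance(who, dict) and "*" in _as_list(who.get("AWS", [])))
        if wildcard and "Condition" not in stmt:
            findings.append(f"statement {i}: any principal allowed with no Condition")
        for res in _as_list(stmt.get("Resource", [])):
            if res != prefix and not res.startswith(prefix + "/"):
                findings.append(f"statement {i}: resource {res} is outside {bucket}")
    return findings

if __name__ == "__main__":
    for finding in encryption_findings(SSE_KMS) + policy_findings(BROAD, BUCKET):
        print("FINDING:", finding)
```

To run it against a real bucket, pass the JSON output of `aws s3api get-bucket-encryption --bucket <name>` and the policy text copied from the portal.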
