icon-zwp.svg
Posture Control (ZPC)

Integrating with Amazon S3

You can integrate Zscaler Posture Control (ZPC) with Amazon Simple Storage Service (Amazon S3). This integration enables ZPC to send the alert data logs of your cloud assets to the Amazon S3 buckets for storage and data analysis by third-party SIEM tools. To learn more, see Integrating Cloud Storage with Splunk.

Only ZPC Administrators can configure a cloud storage integration. To learn more, see About Administrators.

Integrating with Amazon S3

To integrate ZPC with Amazon S3:

  1. Go to Administration > Integrations.
  2. Click Add for cloud storage integration.

  3. On the Add Integration page:

    • For Integration Name, enter a unique name for the integration.
    • For Cloud Storage, select Amazon S3.

  4. Click Next.

  5. Under Cloud Storage, complete the following steps to set up the permissions required to access the Amazon S3 bucket.

  6. For Amazon S3 Bucket Name, enter the bucket name where the data must be stored.
  7. Click the Copy icon to copy the S3 Bucket policy. The policy authorizes ZPC to access the S3 bucket.

  8. Log in to the Amazon S3 console.

    • Access the required bucket where you want to apply the bucket policy.
    • Select Permissions.
    • Under Bucket policy, click Edit.
    • On the Edit bucket policy page, paste the S3 bucket policy and click Save changes.

  9. (Optional) For Folder Location, enter the folder location of the bucket.

  10. Before testing the connection, check the encryption type that is applied to the S3 bucket.

    • Select the Properties tab, then scroll down to Default encryption.

    • Select Amazon S3 managed keys (SSE-S3) as the encryption key type for the connection to be successful and eventually for seamless data transfer.

      If you select AWS Key Management Service (SSE-KMS), then the connection fails.

  11. Click Test Connection to verify the connection between ZPC and Amazon S3 service. If the connection happens, then a message is displayed that the connection is successful.
  12. Click Next.

  13. Review the integration summary. Click the Edit icon if you want to make any changes.

  14. Click Finish.

You can see the integration details on the Integrations page. The initial status is shown as Pending because data is not yet sent to the Amazon S3 bucket. You must configure and associate the alert rules with this integration for ZPC to be able to send the data logs. After ZPC sends the data logs to the Amazon S3 bucket, then the status changes to Success.

Related Articles
Adding Cloud Storage IntegrationsIntegrating with Amazon S3Integrating with Azure Blob StorageIntegrating Cloud Storage with SplunkIntegrating with Amazon Security LakeEditing or Deleting a Cloud Storage Integration