GuidesChangelog
ProductDeveloperPartnerPersonal
ProductDeveloperPartnerPersonal

Set up an Amazon S3 Bucket

Before you can configure the ISP console to store logs to your own self-managed Amazon S3 bucket, you must first set up an Amazon S3 bucket. For information about how to do this, see Amazon's S3 documentation.

JSON Bucket Policy

When setting up your bucket, you are required to add a bucket policy so that your bucket can accept uploads from your organizations' Umbrella dashboards. Copy and paste the following JSON string, which contains the preconfigured Umbrella bucket policy, into your Amazon S3 policy.

Note: In the following JSON, change bucketname to the name of your bucket as set when you created your Amazon S3 bucket.

{
"Version": "2008-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::568526795995:user/logs"
},
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::bucketname/*"
},
{
"Sid": "",
"Effect": "Deny",
"Principal": {
"AWS": "arn:aws:iam::568526795995:user/logs"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::bucketname/*"
},

{
"Sid": "",
"Effect": "Allow",
"Principal":

{ "AWS": "arn:aws:iam::568526795995:user/logs" }

,
"Action": "s3:GetBucketLocation",
"Resource": "arn:aws:s3:::bucketname"
},

{
"Sid": "",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::568526795995:user/logs"
},
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::bucketname"
}
]
}

Enable Logging to Your Own S3 Bucket < Set up an Amazon S3 Bucket > Enable Logging to a Cisco-managed S3 Bucket

Updated about 5 years ago