AWS S3
How to Get or Renew the Access Key for AWS S3? See Getting or Renewing the Access Key for AWS S3.
How to Specify the AWS S3 Target? See Specifying the AWS S3 Target.
How to Add AWS S3 Data Store to CM? See Adding the AWS S3 Data Store to CM.
How to Add AWS S3 Scan Parameters? See Tunable Scan Parameters.
This document explains how to obtain or renew AWS S3 data store credentials, how to use those credentials to add the data store to the CM, and how to specify the target in CM for scanning the AWS S3 data store.
Getting or Renewing the Access Key for AWS S3
1 Log in to the AWS management console using your existing credentials.
2 In the top-right corner, click your Profile name and then click Security Credentials.
3 Under the Access keys section, you should see your existing access key listed. You can have a maximum of two access keys at a time.
4 If two keys already exist, the Create Access Key button is disabled. Remove a key before creating a new one.
- To deactivate an access key: In the Access keys section, find the key to deactivate, click Actions, then choose Deactivate. (Note: A deactivated access key still counts toward your limit of two access keys.)
- To delete an access key: In the Access keys section, find the key you want to delete, click Actions, then choose Delete. Enter the access key in the dialog box to confirm the deletion, then click Delete.
5 The access key has been removed. The Create access key button is now enabled.
6 To create a new access key, click Create access key.
7 On the Access key best practices & alternatives page, choose Others and then choose Next. (Choose the option that best fits your use case; for a long-term access key, choose Others.)
8 On Set description tag, you can add a description for the access key (Optional).
9 A dialog box appears displaying the newly created access key and secret access key. Click the Download .csv file button to download a file containing your access key ID and secret access key. Store this file securely: if it is lost, the secret access key cannot be retrieved again.
Specifying the AWS S3 Target
Amazon S3 has a global namespace (i.e., no two S3 buckets can have the same name).
Path | Syntax | Example |
---|---|---|
Whole Bucket | <BucketName> | ddc-data |
Specific folder in Bucket | <BucketName/folder_name> | ddc-data/test1 |
Specific file in Bucket | <BucketName/folder_name/filename.txt> | ddc-data/test1/emp-info.txt |
Full Data Store | Leave Empty | Leave Empty |
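- For scanning all Buckets: leave the dialog box empty.
- For scanning a whole Bucket: enter the bucket name, for example ddc-data.
- For scanning a specific folder in a Bucket: enter the bucket name followed by the folder name, for example ddc-data/test1.
- For scanning a specific file in a Bucket: enter the bucket name, folder name and file name, for example ddc-data/test1/emp-info.txt.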
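The target syntax in the table above can be checked before a scan is configured. The following Python is an added example, not code from CM or AWS: `parse_target`, `objects_in_scope` and the sample listing are hypothetical, and matching folders on a `/` boundary is an assumption about how a target maps to object keys.

```python
import re

# Basic S3 bucket naming rules: 3-63 characters, lowercase letters, digits,
# dots and hyphens, beginning and ending with a letter or digit.
BUCKET_RE = re.compile(r"^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$")

def parse_target(target):
    """Split a target string into (bucket, key); (None, None) means the full data store."""
    target = target.strip()
    if not target:
        return None, None                      # "Leave Empty" row: every bucket
    bucket, _, key = target.partition("/")
    if not BUCKET_RE.match(bucket):
        raise ValueError(f"invalid bucket name: {bucket!r}")
    return bucket, key.rstrip("/") or None

def objects_in_scope(target, listing):
    """Return the sorted 'bucket/key' entries from listing that the target covers.

    listing maps bucket name -> list of object keys (constructed sample data).
    """
    bucket, key = parse_target(target)
    if bucket is None:
        pairs = [(b, k) for b, keys in listing.items() for k in keys]
    elif key is None:
        pairs = [(bucket, k) for k in listing.get(bucket, [])]
    else:
        # Exact key = specific file; key + "/" prefix = folder (assumption).
        # Matching the bare prefix would wrongly pull test10/... into a test1 scan.
        pairs = [(bucket, k) for k in listing.get(bucket, [])
                 if k == key or k.startswith(key + "/")]
    return sorted(f"{b}/{k}" for b, k in pairs)

# Constructed listing; ddc-data and test1/emp-info.txt come from the table above.
SAMPLE = {
    "ddc-data": ["test1/emp-info.txt", "test1/hr/payroll.csv",
                 "test10/other.txt", "readme.md"],
    "ddc-logs": ["2024/app.log"],
}

if __name__ == "__main__":
    for t in ["", "ddc-data", "ddc-data/test1", "ddc-data/test1/emp-info.txt"]:
        print(repr(t), "->", objects_in_scope(t, SAMPLE))
```

Running it against a listing of your own buckets shows which objects a target string would put in scope, which helps catch a target that is broader than intended.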
Adding the AWS S3 Data Store to CM
1 Go to Data Store page and then click Add Data Store.
2 Under Select Data Store Category select Cloud and then select AWS S3 from Select Cloud Type.
3 In Configure Connection screen, enter the Access Key ID and the Secret Access Key.
4 Select the Show Secret Access Key checkbox if you want to view the secret access key.
5 In the Select Number of Agents menu set the minimum and maximum number of agents for the datastore.
6 In the Add Label field, add an agent label by entering a label, or remove an existing label (Optional).
7 Enter Data Store Name, Description (Optional), Branch Location, Sensitivity Level (Optional).
8 In Add Tags and Access Control section you can change the access and add tags (Optional).
9 Click Save. The data store should now be added to the CM.
Tunable Scan Parameters
The Scans > Add Scan > Advanced Configurations section provides different scan parameters for tunable scans. You can find details about these parameters in the Advance Configurations section.
These scan parameters help find additional sensitive data objects missed during a normal scan.
Below is the difference in reports of a normal scan and a tunable scan done on the same bucket in AWS S3.
Normal Scan:
Tunable Scan:
In the tunable scan, OCR and voice content support were enabled and the priority was set to normal; as a result, more sensitive data objects were found.