Log Forwarding - AWS S3 Bucket

Overview

Valtix supports forwarding Security Events and Traffic Logs to an AWS S3 Bucket to send Security Events and Traffic Log information for processing, storage, access and correlation. The information sent is in a semi-structured JSON format where the attribute-value pairs can be accessed and processed.

Requirements

In order to forward Events/Logs to the AWS S3 Bucket, the following is required:

1. Create a new or use an existing AWS S3 Bucket

2. Apply the following policy to the AWS S3 Bucket to permit the Valtix Controller to access and write to the bucket:

   {
       "Version": "2012-10-17",
       "Statement": [
           {
               "Effect": "Allow",
               "Principal": {
                   "AWS": "<controller-role-arn>"
               },
               "Action": "s3:*",
               "Resource": [
                   "arn:aws:s3:::<s3bucketname>/*",
                   "arn:aws:s3:::<s3bucketname>"
               ]
           }
       ]
   }
   

Profile Parameters

Parameter	Deonticity	Default	Description
Profile Name	Required		A unique name to use to reference the Profile
Description	Optional		A description for the Profile
Destination	Required	AWS S3	AWS S3 Bucket
CSP Account	Required		The CSP Account where the AWS S3 Bucket resides
S3 Bucket	Required		The AWS S3 Bucket name where Events/Logs will be forwarded