How to integrate Amazon S3 with VMware Aria Automation for Secure Clouds

This integration sends findings from VMware Aria Automation for Secure Clouds to a designated S3 or Amazon Security Lake bucket. Findings can then be sent to any security information and event management (SIEM) tool that ingests logs from either service.

Configure an Amazon S3 bucket integration

Use these directions to set up communication between the service and an active S3 bucket in AWS.

  1. Navigate to Settings > Integrations.

  2. Under Amazon S3, select Add New.

  3. Enter the name of your integration.

  4. For Data Format, select JSON.

  5. For the Bucket Name field, enter the name of the S3 bucket you want to send findings to. You must create the bucket before adding the integration.

  6. For the Object Prefix field, enter a string that can serve as a prefix for your events in the S3 bucket.

  7. Select Next.

  8. Select the Context at which others can view and edit this integration. If you're already creating this alert from the context of a specific project, it's set automatically.

  9. Select Next.

  10. Follow the instructions to generate a new IAM role that allows the service to send findings to your S3 bucket. See the AWS IAM tutorial if you need more specific instructions on how to create an IAM role.

    Important

    If you decide to create a role manually from the AWS IAM dashboard, you must define an external ID value that matches your organization ID in VMware Aria Automation for Secure Clouds.

  11. Select your role in the AWS IAM portal and edit the trust policy under the Trust relationships tab to have the following information, where <PROD-ACCT> is the AWS account ID for the VMware Aria Automation for Secure Clouds service:

    "Principal": {
        "AWS": "arn:aws:iam::<PROD-ACCT>:root",
        "Service": "s3.amazonaws.com"
    },
    
    Note

    Please contact VMware Aria Automation for Secure Clouds customer service to obtain the <PROD-ACCT> value if you don't already have it.

  12. Select Update Policy.

  13. Go back to the VMware Aria Automation for Secure Clouds browser client and enter both the IAM Role ARN and IAM External ID.

  14. Select Next.

  15. Select Test to verify a successful connection between the integration and your S3 bucket.

  16. After receiving a successful response, click Save.
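
To check the outcome of steps 10 and 11 before relying on the integration, the following added example (not VMware's or AWS's own code) inspects a role's trust policy JSON and reports when the service account principal or the external ID condition is missing or wrong. The account ID, organization ID and sample policy are constructed placeholders, and the `Condition` block uses the standard AWS `sts:ExternalId` key, which this page does not show.

```python
import json

def _as_list(value):
    """IAM accepts a single string or a list wherever several values are allowed."""
    return [] if value is None else value if isinstance(value, list) else [value]

def check_trust_policy(policy, prod_acct, org_id):
    """Return a list of problems in an IAM role trust policy (empty list = OK)."""
    expected = {f"arn:aws:iam::{prod_acct}:root", prod_acct}  # ARN or bare account ID
    problems, matched = [], False
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in _as_list(stmt.get("Action")):
            continue
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else _as_list(principal.get("AWS"))
        for arn in aws:
            if arn == "*":
                problems.append("wildcard principal: any AWS account can assume the role")
            elif arn not in expected:
                problems.append(f"unexpected AWS principal: {arn}")
        if not expected.intersection(aws):
            continue
        matched = True
        # Condition keys are case-insensitive, so compare in lower case.
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        ids = [v for k, val in equals.items() if k.lower() == "sts:externalid" for v in _as_list(val)]
        if not ids:
            problems.append("no sts:ExternalId condition on the service account statement")
        elif ids != [org_id]:
            problems.append("sts:ExternalId does not match the organization ID")
    if not matched:
        problems.append("service account is not a trusted principal")
    return problems

PROD_ACCT = "111122223333"   # constructed placeholder, not the real <PROD-ACCT> value
ORG_ID = "example-org-id"    # constructed placeholder for your organization ID
SAMPLE = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root", "Service": "s3.amazonaws.com"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "example-org-id"}}
  }]
}""")

if __name__ == "__main__":
    print(check_trust_policy(SAMPLE, PROD_ACCT, ORG_ID) or "trust policy OK")
```

Replace `SAMPLE` with the JSON copied from the role's Trust relationships tab and pass your own `<PROD-ACCT>` and organization ID.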

Next, create an alert for your S3 integration to start sending findings data to a bucket.
