To create an AWS S3 bucket for use with IBM QRadar, perform the following procedure.

Prerequisites

See Data Forwarder Input for IBM QRadar.

Procedure

  1. Create an S3 bucket in your AWS Management Console. See Create an S3 Bucket in the AWS Console.
  2. Configure the S3 bucket to allow the Data Forwarder to write events. See Configure the Bucket Policy to Allow Access.
  3. Create a Management Access Policy:
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "VisualEditor0",
                "Effect": "Allow",
                "Action": [
                    "s3:GetObject",
                    "sqs:GetQueueUrl",
                    "sqs:DeleteMessage",
                    "sqs:SendMessageBatch",
                    "sqs:ReceiveMessage",
                    "sqs:SendMessage"
                ],
                "Resource": [
                    "arn:aws:sqs:<aws-region>:535601802221:<name-of-queue>",
                    "arn:aws:s3:::<name-of-s3-bucket>/*"
                ]
            }
        ]
    }
  4. Create an IAM user and attach that policy to it. Select Programmatic Access to generate an Access Key ID and Secret Access Key.
  5. Save the generated Access Key ID and Secret Access Key.
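
The following check is an added example, not part of the original procedure or of any vendor tooling: it fills the three placeholders in the step 3 policy and lints the result before you paste it into IAM, so that an unreplaced placeholder or a wildcard value does not end up in the policy. The function names, the validation patterns and the sample region, queue and bucket names are assumptions made for this example.

```python
import json
import re

# Policy from step 3, with the page's placeholders left in place.
TEMPLATE = """{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "VisualEditor0",
    "Effect": "Allow",
    "Action": ["s3:GetObject", "sqs:GetQueueUrl", "sqs:DeleteMessage",
               "sqs:SendMessageBatch", "sqs:ReceiveMessage", "sqs:SendMessage"],
    "Resource": ["arn:aws:sqs:<aws-region>:535601802221:<name-of-queue>",
                 "arn:aws:s3:::<name-of-s3-bucket>/*"]
  }]
}"""

# Conservative patterns for the three placeholder values (assumption of this example).
PATTERNS = {
    "aws-region": r"[a-z]{2}(-[a-z]+)+-\d",
    "name-of-queue": r"[A-Za-z0-9_-]{1,80}",
    "name-of-s3-bucket": r"[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]",
}

def fill_policy(values, template=TEMPLATE):
    """Substitute placeholders, rejecting values that could widen the ARN."""
    for key, pattern in PATTERNS.items():
        if not re.fullmatch(pattern, values.get(key, "")):
            raise ValueError(f"bad value for <{key}>")
        template = template.replace(f"<{key}>", values[key])
    return json.loads(template)

def lint_policy(policy):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    for stmt in policy["Statement"]:
        actions, resources = stmt["Action"], stmt["Resource"]
        for res in resources:
            if "<" in res:
                findings.append(f"unfilled placeholder: {res}")
            # A wildcard is accepted only as the object-key suffix of an S3 bucket ARN.
            body = res[:-2] if res.startswith("arn:aws:s3:::") and res.endswith("/*") else res
            if "*" in body or "?" in body:
                findings.append(f"wildcard resource: {res}")
        for act in actions:
            service = act.split(":")[0]
            if "*" in act:
                findings.append(f"wildcard action: {act}")
            if not any(r.startswith(f"arn:aws:{service}:") for r in resources):
                findings.append(f"no {service} resource for {act}")
    return findings
```

Call `fill_policy` with your own values and deploy the policy only when `lint_policy` returns an empty list; `json.dumps(policy, indent=4)` produces the document to paste into the IAM policy editor.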

What to do next

Create an SQS Queue for Data Forwarder Input with IBM QRadar