Bucket policies are AWS resource-based policy objects that you attach to a bucket to control access to it. The permissions in the policy determine whether a principal (a user or a role) making a request is allowed or denied the action in that request.
You must create an S3 bucket with a policy that grants the necessary permissions to the principal role used by the Data Forwarder. This policy is a resource-based policy.
Procedure
- In the AWS S3 bucket success message, select Go to bucket details, or click the name of the bucket from the list.
- Create a new folder that serves as the base folder where the Data Forwarder pushes the data type specified when you configure the Data Forwarder in the Carbon Black Cloud console.
Important: Each Data Forwarder requires its own folder. Otherwise, data from multiple forwarders can mix in the same folder and prevent the data from being parsed.
- Write down the precise folder name. You use this folder name to replace the prefix-folder-name in the bucket policy in the next step and when you add a Data Forwarder in the Carbon Black Cloud console.
- From the Permissions tab, select Bucket Policy and configure it by copying the example below into the Bucket Policy Editor and adjusting the values listed here (shown in bold in the editor). Specifically, replace the values for:
- Id: The “Id” value can be anything, such as “Policy04212020” (where 04212020 represents the date, in this case, April 21, 2020).
- Sid: The “Sid” value can be anything, such as “Stmt04212020”.
- Principal>AWS: The AWS principal value that corresponds to your Carbon Black Cloud product region.
AWS Region | Principal ID
--- | ---
US East (N. Virginia) us-east-1 | arn:aws:iam::132308400445:role/mcs-psc-prod-event-forwarder-us-east-1-event-forwarder
Europe (Frankfurt) eu-central-1 | arn:aws:iam::132308400445:role/mcs-psc-prod-event-forwarder-eu-central-1-event-forwarder
Europe (London) eu-west-2 | arn:aws:iam::132308400445:role/mcs2-psc-data-forwarder-s3
Asia Pacific (Tokyo) ap-northeast-1 | arn:aws:iam::132308400445:role/mcs-psc-prod-event-forwarder-ap-northeast-1-event-forwarder
Asia Pacific (Sydney) ap-southeast-2 | arn:aws:iam::132308400445:role/mcs-psc-prod-event-forwarder-ap-southeast-2-event-forwarder
- Resource (AWS S3 bucket): The “Resource” value should include the name of your S3 bucket followed by your “prefix-folder-name”, which is the folder you created in the bucket for the specific data type you plan to forward. For example:
"Resource": "arn:aws:s3:::bucket-name/prefix-folder-name/*"
Note: When defining the resource, the final result must end with “/*” to allow Carbon Black Cloud to create and access subfolders.
Bucket policy code
{
    "Version": "2012-10-17",
    "Id": "Policy04212020",
    "Statement": [
        {
            "Sid": "Stmt04212020",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::132308400445:role/mcs-psc-prod-event-forwarder-us-east-1-event-forwarder"
            },
            "Action": [
                "s3:PutObject",
                "s3:PutObjectAcl"
            ],
            "Resource": "arn:aws:s3:::bucket-name/prefix-folder-name/*"
        }
    ]
}
- Optional: If you want to encrypt your S3 bucket, see: Encrypt Your S3 Buckets Using AWS KMS.
- Click Save.
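The following is an added example, not part of this page or of the Carbon Black Cloud product: a small Python helper that fills in the bucket policy above for a given bucket, prefix folder and region, and then checks a policy against the constraints the procedure states (a Data Forwarder principal from the region table, only the two Put actions, and a resource that stays inside one prefix folder and ends with “/*”). The principal ARNs are the ones listed on this page; the function names, the bucket name and the second, deliberately over-broad sample policy are constructed for illustration.

```python
import json

# Data Forwarder principal role per Carbon Black Cloud region, copied from
# the region table on this page.
FORWARDER_PRINCIPALS = {
    "us-east-1": "arn:aws:iam::132308400445:role/mcs-psc-prod-event-forwarder-us-east-1-event-forwarder",
    "eu-central-1": "arn:aws:iam::132308400445:role/mcs-psc-prod-event-forwarder-eu-central-1-event-forwarder",
    "eu-west-2": "arn:aws:iam::132308400445:role/mcs2-psc-data-forwarder-s3",
    "ap-northeast-1": "arn:aws:iam::132308400445:role/mcs-psc-prod-event-forwarder-ap-northeast-1-event-forwarder",
    "ap-southeast-2": "arn:aws:iam::132308400445:role/mcs-psc-prod-event-forwarder-ap-southeast-2-event-forwarder",
}

# The only two actions the forwarder needs: it writes objects, nothing else.
ALLOWED_ACTIONS = frozenset({"s3:PutObject", "s3:PutObjectAcl"})


def build_forwarder_policy(bucket_name, prefix_folder, region,
                           policy_id="Policy04212020", sid="Stmt04212020"):
    """Return the bucket policy from this page as a dict, filled in for one
    bucket, one prefix folder and one Carbon Black Cloud region."""
    if region not in FORWARDER_PRINCIPALS:
        raise ValueError(f"no Data Forwarder principal known for region {region!r}")
    folder = prefix_folder.strip("/")
    if not folder:
        raise ValueError("prefix folder must be a non-empty folder name")
    return {
        "Version": "2012-10-17",
        "Id": policy_id,
        "Statement": [{
            "Sid": sid,
            "Effect": "Allow",
            "Principal": {"AWS": FORWARDER_PRINCIPALS[region]},
            "Action": sorted(ALLOWED_ACTIONS),
            # Must end in /* so the forwarder can create and write subfolders.
            "Resource": f"arn:aws:s3:::{bucket_name}/{folder}/*",
        }],
    }


def _as_list(value):
    # IAM policy fields may be a single string or a list of strings.
    return value if isinstance(value, list) else [value]


def check_forwarder_policy(policy, bucket_name):
    """Return a list of findings for a bucket policy; an empty list means the
    Allow statements grant the forwarder what this page describes and no more."""
    findings = []
    bucket_root = f"arn:aws:s3:::{bucket_name}/*"
    for stmt in policy.get("Statement", []):
        sid = stmt.get("Sid", "<no Sid>")
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        aws_principals = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        for p in aws_principals:
            if p == "*":
                findings.append(f"{sid}: principal is a wildcard; any AWS identity could write to the bucket")
            elif p not in FORWARDER_PRINCIPALS.values():
                findings.append(f"{sid}: principal {p} is not a Data Forwarder role from the region table")
        for action in _as_list(stmt.get("Action", [])):
            if action not in ALLOWED_ACTIONS:
                findings.append(f"{sid}: action {action} goes beyond s3:PutObject/s3:PutObjectAcl")
        for res in _as_list(stmt.get("Resource", [])):
            if not res.startswith(f"arn:aws:s3:::{bucket_name}/"):
                findings.append(f"{sid}: resource {res} is not an object path inside {bucket_name}")
            elif not res.endswith("/*"):
                findings.append(f"{sid}: resource {res} must end with /* so subfolders can be created")
            elif res == bucket_root:
                findings.append(f"{sid}: resource covers the whole bucket; restrict it to the prefix folder")
    return findings


# Constructed sample of what a hasty edit of the template can produce:
# wildcard principal, s3:* instead of the two Put actions, whole-bucket resource.
OVERBROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "TooWide",
        "Effect": "Allow",
        "Principal": {"AWS": "*"},
        "Action": "s3:*",
        "Resource": "arn:aws:s3:::bucket-name/*",
    }],
}

if __name__ == "__main__":
    policy = build_forwarder_policy("bucket-name", "prefix-folder-name", "us-east-1")
    print(json.dumps(policy, indent=2))  # paste this into the Bucket Policy Editor
    print("findings (page policy):", check_forwarder_policy(policy, "bucket-name"))
    print("findings (over-broad):", check_forwarder_policy(OVERBROAD_POLICY, "bucket-name"))
```

Run it once with your own bucket name, folder name and region to produce the JSON to paste into the editor; the check function is also useful after the fact, on the policy you read back from the bucket, to confirm that nobody has widened the principal, the actions or the resource since you saved it.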
Results
The bucket is now able to accept data from the Carbon Black Cloud Data Forwarder.
What to do next
You must add and configure a Data Forwarder in the Carbon Black Cloud.