AWS S3 Streaming Configuration

This document provides information on configuring an AWS S3 connection with real-time event monitoring and data streaming.

To enable Real Time Events Monitoring (Streaming) for an existing AWS S3 scan, follow these steps:

Prerequisites

Existing AWS S3 connection:

  1. An AWS S3 scan configuration must already exist.
    • If you have not created an AWS S3 scan yet, follow the AWS S3 scan guide first and make sure the necessary credentials are set up.
  2. Extend the AWS S3 policy permissions to allow data streaming:
    Streaming requires a separate set of permissions for the AWS SNS service, plus permission to configure bucket notifications:
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "SNSScoped",
                "Effect": "Allow",
                "Action": [
                    "sns:CreateTopic",
                    "sns:DeleteTopic",
                    "sns:TagResource",
                    "sns:SetTopicAttributes",
                    "sns:Subscribe",
                    "sns:ConfirmSubscription"
                ],
                "Resource": [
                    "arn:aws:sns:*:876326936841:s3-event-topic-*"
                ]
            },
            {
                "Sid": "S3BucketNotification",
                "Effect": "Allow",
                "Action": [
                    "s3:PutBucketNotification"
                ],
                "Resource": "*"
            }
        ]
    }
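The policy above scopes the SNS actions to topics named s3-event-topic-* in the account shown, but grants s3:PutBucketNotification on every bucket. The following added example (not part of the Forcepoint documentation) lints the policy for wildcard resources, checks that the SNS statement stays inside the expected account, and produces a copy in which the bucket-notification permission is limited to a constructed list of scan buckets; the bucket names are assumptions.

```python
import json
import re

# The streaming policy from this page, embedded inline so the check runs offline.
STREAMING_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "SNSScoped", "Effect": "Allow",
         "Action": ["sns:CreateTopic", "sns:DeleteTopic", "sns:TagResource",
                    "sns:SetTopicAttributes", "sns:Subscribe", "sns:ConfirmSubscription"],
         "Resource": ["arn:aws:sns:*:876326936841:s3-event-topic-*"]},
        {"Sid": "S3BucketNotification", "Effect": "Allow",
         "Action": ["s3:PutBucketNotification"], "Resource": "*"},
    ],
}
# Topic ARN shape the page uses: any region, a 12-digit account, the s3-event-topic- prefix.
SNS_TOPIC_PATTERN = re.compile(r"^arn:aws:sns:[^:]*:(\d{12}):s3-event-topic-\*$")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def find_wildcard_resources(policy):
    """Return (Sid, action) pairs for Allow statements whose Resource is "*"."""
    findings = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") == "Allow" and "*" in _as_list(stmt.get("Resource", [])):
            for action in _as_list(stmt.get("Action", [])):
                findings.append((stmt.get("Sid", "<no Sid>"), action))
    return findings

def sns_resources_scoped_to_account(policy, account_id):
    """True when every sns:* Allow statement names only s3-event-topic-* topics in account_id."""
    for stmt in policy["Statement"]:
        actions = _as_list(stmt.get("Action", []))
        if stmt.get("Effect") != "Allow" or not any(a.startswith("sns:") for a in actions):
            continue
        for arn in _as_list(stmt.get("Resource", [])):
            match = SNS_TOPIC_PATTERN.match(arn)
            if match is None or match.group(1) != account_id:
                return False
    return True

def scope_bucket_notification(policy, bucket_names):
    """Copy of the policy with s3:PutBucketNotification limited to the given buckets
    (the resource for that action is the bucket ARN, arn:aws:s3:::<bucket>)."""
    scoped = json.loads(json.dumps(policy))  # deep copy; the original stays untouched
    for stmt in scoped["Statement"]:
        if "s3:PutBucketNotification" in _as_list(stmt.get("Action", [])):
            stmt["Resource"] = [f"arn:aws:s3:::{name}" for name in bucket_names]
    return scoped
```

Running find_wildcard_resources on the page's policy reports only the S3BucketNotification statement, and the scoped copy reports nothing.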

Select an Existing Scan Configuration

  1. Go to the Scan Configurations page in the Forcepoint DSPM UI.
  2. Select AWS S3 and create credentials for AWS S3.
  3. Find your AWS S3 scan configuration and select Edit Configuration from the options menu.
  4. Create a new AWS S3 scan.
  5. Select the path you want to track for streaming.
  6. Select the Data streaming checkbox and, if your firewall configuration requires it, modify the webhook host.
  7. To validate that streaming events are coming through the system, check Administration > Live Events > Streaming.