AWS S3 Streaming Configuration

This section provides information on configuring an AWS S3 connection with real-time event monitoring and data streaming.

To enable DDR (Streaming) for an existing AWS S3 scan, follow these steps:

Prerequisites

Existing AWS S3 connection:

  1. An AWS S3 scan configuration must already exist.
    Note: If you have not created an AWS S3 scan yet, follow the steps in the section AWS S3 to scan and setup credentials.
  2. Extend AWS S3 policy permissions to allow data streaming:
    Require a separate set of permissions for AWS SNS service:
    {
	"Version": "2012-10-17",
	"Statement": [
		{
			"Sid": "SNSScoped",
			"Effect": "Allow",
			"Action": [
				"sns:CreateTopic",
				"sns:DeleteTopic",
				"sns:TagResource",
				"sns:SetTopicAttributes",
				"sns:Subscribe",
				"sns:ConfirmSubscription"
			],
			"Resource": [
				"arn:aws:sns:*:876326936841:s3-event-topic-*"
			]
		},
		{
			"Sid": "S3BucketNatification",
			"Effect": "Allow",
			"Action": [
				"s3:PutBucketNotification"
			],
			"Resource": "*"
		}
	]
}

Select an Existing Scan Configuration

  1. Go to the Scan Configurations page in the Forcepoint DSPM UI.
  2. Select AWS S3 and create credentials for AWS S3.

  3. Find your AWS s3 scan configuration in the list and select Edit Configuration from the options menu.

  4. Create new AWS S3 Scan Configuration. Select path that we would like to track for streaming. Also, select the data streaming checkbox and modify the webhook host if it is required for firewall configuration.

  5. To validate that streaming events coming through the system you may check Administration > Live Events > Streaming.