Enabling and setting up API scanning in Forcepoint ONE SSE

There are two ways to grant access to S3: via a created IAM user or via Security Token Service. For the IAM user, you will need to use the same AWS account you used to configure Amazon Web Services in the Forcepoint ONE SSE Portal in order to set up the Amazon S3 API.

Before you begin

Before beginning, you will need to enable API scanning:

You can either set up a Role ARN that the user account assumes to grant the proper permissions or, as Forcepoint ONE SSE recommends, set up a unique IAM user account and apply the proper policy to the account. You will need the following information in addition to the user account name and password:
  • User account Access Key ID
  • User account Secret Access Key (this is only viewable when a new account is created; it can be downloaded and saved).

Steps

  1. Start by logging into the Forcepoint ONE SSE admin portal and navigating to the AWS application settings page. Select Setup API and then check the box to Enable API Scanning.




  2. From there, you can add your AWS tenant and select how you wish to authenticate Forcepoint ONE SSE. Start by clicking the green plus icon and selecting your credential option.




  3. Depending on which option you select (IAM user or STS token), you will need to follow different steps. First, follow the next section titled Create Policy; then, once you are done, skip down to the section for the authentication method you decided to use.