There are two ways to grant access to S3: via a created IAM user or via the Security Token Service (STS). For the IAM user, you will need to use the same AWS account you used to configure Amazon Web Services in the Forcepoint ONE SSE Portal in order to set up the Amazon S3 API.
Before you begin
Before beginning, you will need to enable API scanning:
You can either set up a Role ARN that the user account assumes to grant the proper permissions or, as Forcepoint ONE SSE recommends, set up a unique IAM user account and apply the proper policy to the account. You will need the following information in addition to the user account name and password:
- User account Access Key ID
- User account Secret Access Key (this is only viewable when a new account is created; it can be downloaded and saved).
Steps
- Start by logging into the Forcepoint ONE SSE admin portal and navigating to the AWS application settings page. Select Setup API and then check the box to Enable API Scanning.
- From there you can add your AWS tenant and select how you wish to authenticate Forcepoint ONE SSE. Start by clicking the green plus icon and selecting your credential option.
- Depending on which option you select (IAM user or STS token), you will need to follow different steps. First follow the next section, titled Create Policy; once you are done, skip down to the section for the authentication method you decided to use.