...

Navigate back to your S3 bucket with data in it.

Click the Properties tab of the bucket.

Click the Events box under Advanced settings.

Click Create event notification

Set up the event notification similar to the following:

  • The event notification name can follow whatever naming convention you need.

  • Type of event: All object create events.

  • If you set a prefix for your technology types, set the same prefix here.

  • The suffix should be .json.gz

  • Set SQS Queue as the notification destination.

  • Select the name of the SQS queue you created earlier.

Click the Save button after configuring this.

CloudTrail trail logs should now be generating corresponding messages in the queue if all was properly configured.

...

Navigate to the IAM console.

Go to the Policies section.

Create a policy.

Choose the JSON method and enter the following policy, replacing the items within << >> (the ARNs for the S3 bucket, optionally including the configured prefix, and for the SQS queue come from the previous steps of this guide).

Code Block
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "sqs:DeleteMessage",
        "sqs:GetQueueAttributes",
        "sqs:ChangeMessageVisibility",
        "sqs:ReceiveMessage",
        "sqs:GetQueueUrl"
      ],
      "Resource": [
        "arn:aws:sqs:<<YOUR_SQS_REGION>>:<<ACCOUNT_NUMBER>>:<<QUEUE_NAME>>",
        "arn:aws:s3:::<<BUCKET_NAME>>/<<OPTIONAL_PREFIX_SCOPE_LIMIT>>/*"
      ]
    }
  ]
}

You can keep adding more resources if you have multiple SQS queues and S3 buckets that you would like Devo to pull and read from.

Info
  • If KMS encryption is active for the S3 bucket, the respective KMS key must be included as a resource within the IAM policy. Otherwise, the Devo collector will fail to pull events due to a permission error: "An error occurred (AccessDenied) when calling the GetObject operation: Access Denied".

  • The trailing /* in the S3 ARN denotes access to the objects in the S3 bucket. If it is missing, calls to the S3 API will result in a permission error and the collector cannot access the objects.

Give the policy a name that follows your account's naming convention and, optionally, a description.

Click Create and note down the name of the policy you created; it is needed for the access method that the Devo collector requires to function properly.
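The event notification filter and the policy's S3 resource scope can be checked against each other offline. The following is an added example, not part of the original guide or the Devo collector's code: it parses an S3 event notification as it arrives in an SQS message body, confirms the object key matches the configured prefix and .json.gz suffix, and tests whether the policy's Resource entries cover the object ARN. The bucket, queue, account number and prefix are constructed placeholders, and the policy match is a simplification (Allow statements with list-valued Action and Resource only, no Deny or Condition evaluation).

```python
import json
from fnmatch import fnmatchcase
from urllib.parse import unquote_plus

# Constructed placeholders (assumptions), not values from the guide.
PREFIX, SUFFIX = "cloudtrail/", ".json.gz"
QUEUE_ARN = "arn:aws:sqs:us-east-1:111122223333:example-trail-queue"
ACTIONS = ["s3:GetObject", "sqs:DeleteMessage", "sqs:GetQueueAttributes",
           "sqs:ChangeMessageVisibility", "sqs:ReceiveMessage", "sqs:GetQueueUrl"]


def make_policy(s3_resource):
    """Build the guide's policy shape around a given S3 resource ARN."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ACTIONS, "Resource": [QUEUE_ARN, s3_resource]}]}


# Constructed SQS message body carrying one S3 object-create notification.
SAMPLE_BODY = json.dumps({"Records": [{
    "eventName": "ObjectCreated:Put",
    "s3": {"bucket": {"name": "example-trail-bucket"},
           "object": {"key": "cloudtrail/AWSLogs/111122223333/CloudTrail/"
                             "us-east-1/2024/01/01/trail+part%3D1.json.gz"}}}]})


def object_arns(body):
    """Return (key, object ARN) for each object-create record in the body."""
    out = []
    # The s3:TestEvent sent when a notification is saved has no "Records".
    for rec in json.loads(body).get("Records", []):
        if rec.get("eventName", "").startswith("ObjectCreated:"):
            # Object keys are URL-encoded in notifications; decode before use.
            key = unquote_plus(rec["s3"]["object"]["key"])
            out.append((key, f"arn:aws:s3:::{rec['s3']['bucket']['name']}/{key}"))
    return out


def allows(policy, action, arn):
    """Simplified: an Allow statement lists the action and a Resource pattern covers the ARN."""
    return any(st["Effect"] == "Allow" and action in st["Action"]
               and any(fnmatchcase(arn, r) for r in st["Resource"])
               for st in policy["Statement"])


def check(body, policy):
    """Per object: (key, passes prefix/suffix filter, s3:GetObject allowed)."""
    return [(k, k.startswith(PREFIX) and k.endswith(SUFFIX),
             allows(policy, "s3:GetObject", arn)) for k, arn in object_arns(body)]
```

Calling `check(SAMPLE_BODY, make_policy("arn:aws:s3:::example-trail-bucket"))` reports the object as not readable, which is the missing trailing /* case described in the Info note.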

...