Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Version History

« Previous Version 21 Next »

Purpose

To use Devo to secure your AWS data, you need to authorize Devo to receive the information.

After completing these steps, you will have an S3 Bucket, SQS, SQS Access Policy, IAM Policy, Role, and Trust Policy in your AWS account.

Note that data will be available to Devo and your policies will follow AWS recommended best practices.

Permissions

These AWS account permissions are required.

  • s3:CreateBucket

  • s3:PutObject

  • s3:PutBucketNotification

  • sqs:CreateQueue

  • sqs:AddPermission

  • sqs:GetQueueUrl

  • sqs:SetQueueAttributes

  • iam:CreatePolicy

  • iam:CreateRole

  • iam:AttachRolePolicy

  • iam:UpdateAssumeRolePolicy

  • logs:CreateLogDelivery

  • logs:DeleteLogDelivery

Please visit the vendor documentation for more needed details.

Authorize it

Create an Information List

Create S3 Bucket

Create SQS

Set SQS Access Policy

IAM Policy

Role

Select Trust Policy


Validate the Authorization

If there is no data being delivered to the S3 bucket yet and the collector is running, you may validate authorization by uploading an empty file to the bucket. In devo.collectors.out the collector will log

Number of messages in the queue: 0 and Number of messages in flight 1

followed by

the file size is 0 Bytes and has 1 to process

indicating correct authorization.

  • No labels