Scan a Single Amazon S3 Account

1. Log in to your AWS Console aws.amazon.com.
2. Select ServicesSecurity, Identity & ComplianceIAM.
3. Configure the Data Security policy used to connect to the Amazon S3 app.

   1. Select PoliciesCreate policy and then select Create Your Own Policy.
   2. In the Specify Permissions page, select JSON.
   3. Copy and paste the following configuration into the Policy editor section and click Next.

      {  "Version": "2012-10-17",  "Statement": [    {      "Effect": "Allow",      "Action": [        "s3:Get*",        "s3:List*",        "s3:Put*",        "s3:Delete*",        "s3:CreateBucket",        "iam:GetUser",        "iam:GetRole",        "iam:GetUserPolicy",        "iam:ListUsers",        "cloudtrail:GetTrailStatus",        "cloudtrail:DescribeTrails",        "cloudtrail:LookupEvents",        "cloudtrail:ListTags",        "cloudtrail:ListPublicKeys",        "cloudtrail:GetEventSelectors",        "ec2:DescribeVpcEndpoints",        "ec2:DescribeVpcs",        "config:Get*",        "config:Describe*",        "config:Deliver*",        "config:List*"      ],      "Resource": "*"    }  ]}

   4. Enter the Policy Name as prisma-saas-s3-policy and provide an optional description of the policy.
   5. Create Policy.
4. Configure the account that Data Security will use to access the Amazon S3 logs:

   1. Select Identity and Access Management (IAM)UsersCreate user.
   2. Enter the user name as prisma-saas-s3-user.
   3. Create an access key for an IAM user.

      Note your Access key ID and Secret access key.
   4. Select Next.
   5. Select Attach existing policies directly.
   6. Search for and select the check box next to the prisma-saas-s3-policy you created in the previous step.
   7. Select NextCreate User.

5. Configure CloudTrail logging, if you have not already done so.

   CloudTrail logging enables the Amazon S3 app to log management and data events to the CloudTrail buckets of your choice.

   1. Copy your AWS account ID into memory by clicking on your username at the top right and copy the account number.

      You will need your account number later in this procedure.
   2. Select ServicesManagement ToolsCloudTrailTrailsCreate trail.
   3. Enter the Trail name prisma-saas-s3-trail.
   4. Deselect Log file SSE-KMS encryption.
   5. To create a bucket in which CloudTrail will store management and data event logs, enter the S3 bucket name as prisma-saas-s3-<AWS account ID> in the Storage location area.

      Take note of the S3 bucket (CloudTrail bucket name) and region.
   6. Select Next.
   7. In the Choose log events page, deselect Management Events and select Data events.
   8. In the Data events pane, select Switch to basic event selectorsContinue.

   9. Ensure you select S3 in the Data event source drop-down.

      You can choose to log read and/or write events for all buckets or choose individual buckets.

      • Individual buckets—Operates as an allow list and requires ongoing maintenance.
   10. Click Next, review the details and Create trail.
6. Next Step: Proceed to adding the Amazon S3 app to .