Integrate Prisma Cloud with Amazon S3

Learn how to integrate Prisma™ Cloud with Amazon S3.
Amazon S3 is widely used for storage and staging data. You can integrate Prisma Cloud with Amazon S3 to get notifications for configuration, audit, and anomaly policy violations.
Using this integration, you can stream the Prisma Cloud alerts to an Amazon S3 bucket or folder. You can also decide how often the notifications should be published to the S3 bucket using
File Roll Up Time
.
This integration is supported only on alerts 2.0-enabled tenants.
  1. Configure Amazon S3 to receive Prisma Cloud alerts.
    1. Log in to the AWS management console and select S3.
      • Create an S3 bucket in your preferred region.
      • (Optional) Create a folder. If the desired bucket or folder path already exists, you can skip this step.
    2. Select IAM and create a role for Prisma Cloud to be able to write notifications to the S3 bucket.
      • Create a new policy with the
        s3:PutObject
        permission for the bucket you created in Step 1. The policy document should be similar to:
        Do not use PutObject permission on all buckets as it may generate an alert on the Prisma Cloud console.
      • To configure multiple S3 integrations with multiple buckets, the policy document should be similar to:
      • Create an IAM role with the following configurations:
      • Select type of trusted entity
        Another AWS Account
        .
        Enter the Account ID*
        188619942792
        . In case of AWS Gov accounts, enter the Account ID*
        342570144056
        .
      • Configure the
        External ID
        for IAM role. The External ID associated with the IAM role must be a UUID in a 128-bit format, and not any random string. If you’re using the Prisma Cloud web console, click
        Generate Token
        to generate the External ID while adding the S3 integration. If you’re using the Prisma Cloud API, you must manually create the External ID.
      • Select the policy created in Step 2 and follow the steps to configure the IAM role.
      • Save
        .
  2. Set up the Amazon S3 Integration on Prisma Cloud.
    1. Log in to Prisma Cloud.
    2. Select
      Settings
      Integrations
      .
    3. Add Integration
      Amazon S3
      . A modal wizard opens where you can add the S3 integration.
    4. Enter a
      Name
      and (optional)
      Description
      .
    5. Enter
      S3 URI
      for the S3 bucket or folder path from Step 1. The format should be:
      s3://bucketname/
      or
      s3://bucketname/foldername/
      .
    6. Enter the
      AWS Region
      in which you created the S3 bucket.
    7. Generate
      the External ID to associate it to the IAM role which is required for Prisma Cloud to be able to write notifications to the S3 bucket.
    8. Enter the
      Role ARN
      of the IAM role setup during Step 1b.
    9. Select the
      File Roll Up Time
      from the drop-down. The default is 1 hour, you can change it to, 15 minutes, 30 minutes, or 3 hours.
    10. Next
      .
    11. Test
      and
      Save
      the integration.
    12. You should receive a success message and a test file should be created on the specified S3 URI.
    13. To edit the integration, click the corresponding
      Edit
      icon. The integration
      Summary
      page opens.
    14. Edit
      to update the integration as required.
    15. Next
      to review your edits.
    16. Test
      and
      Save
      the integration.

Recommended For You