Begin Scanning an Amazon S3 App
Secure your AWS S3 accounts and protect them from data
exfiltration and malware propagation while adhering to AWS best
practices for your security monitoring.
To connect an Amazon S3 app and begin scanning assets, you need to:

- Learn how SaaS Security API excludes S3 buckets.
- Set up on Amazon S3 for either single account or multiple accounts:
As you prepare to scan your Amazon S3 account, take note of the
following values in the worksheet provided, as they are required to
complete the setup of the Amazon S3 app on SaaS Security API:
| | Required to enable the Amazon S3 Bucket created in CloudTrail. |
| | Grants SaaS Security API permission to access Amazon S3. |
| | The administrator root access key used to configure IAM services. |
| CloudTrail bucket name (or full path if the CloudTrail feature is already enabled) | Enables the Amazon S3 app to log management and data events to a CloudTrail bucket of your choice. |
| | A configured area in CloudTrail that is scanned. |
| | When scanning multiple AWS S3 accounts, each IAM role defines a set of permissions that grant access to actions and resources in AWS. |