Skip to main content

PrivaceraCloud Documentation

S3

:

This topic describes how to connect S3 application to PrivaceraCloud.

Connecting to an AWS hosted data source requires authentication or a Trust relation with those resources. You will provide this information as one step in the AWS Data resource connection. You will also need to specify your AWS Account Region.

Prerequisites in AWS console

The following prerequisites must be met:

  1. Create or use an existing IAM role in your environment. The role should be given access permissions by attaching an access policy in the AWS Console.

  2. Configure a Trust relationship with PrivaceraCloud See AWS Access Using IAM Trust Relationship for specific instructions and requirements for configuring this IAM Role.

Connect S3 application

  1. Go to Settings > Applications.

  2. On the Applications screen, select S3 application..

  3. Enter the application Name and Description, and then click Save.

    You can see Privacera Access Management and Data Discovery with the toggle buttons.

    Note

    If you don't see Data Discovery in your application, enable it in Settings > Account > Discovery. For more information, see About Account.

Enable Privacera Access Management for S3

  1. Click the toggle button to enable Privacera Access Management for your application.

  2. On the BASIC tab, enter values in the following fields.

    • With Use IAM Role disabled:

      1. AWS Access Key: AWS data repository host account Access Key.

      2. AWS Secret Key: AWS data repository host account Secret Key

      3. AWS Region: AWS S3 bucket region.

    • With Use IAM Role enabled:

      1. AWS IAM Role: Enter the actual IAM Role using a full AWS ARN.

      2. AWS IAM Role External Id: For additional security, an external ID can be attached to your IAM role configured. This assures that your IAM role can be assumed by PrivaceraCloud only when the configured external ID is passed.

        Note

        The external ID is stored encrypted. It is never reflected back to the UI or is made visible.

      3. AWS Region: AWS S3 bucket region.

  3. On the ADVANCED tab, you can add custom properties.

  4. Using the IMPORT PROPERTIES button, you can browse and import application properties.

  5. Click the TEST CONNECTION button to check if the connection is successful, and then click Save.

    Note

    You can only use one S3 setup per account for Privacera Access Management

  6. Recommended: Install the AWS CLI.

    Open Launch Pad and follow the steps to install and configure AWS CLI to your workstation so that it uses the PrivaceraCloud S3 Data Server proxy.

  7. Recommended: Validate connectivity by running AWS CLI for S3 such as:

    aws s3 ls

Note

Dataserver also supports logging the requested user's name in AWS CloudWatch Logs. For more information see Add UserInfo in S3 Requests sent via Dataserver.

Enable Data Discovery for S3

  1. Click the toggle button to enable Data Discovery for your application.

  2. On the BASIC tab, enter values in the following fields.

    • With Use IAM Role disabled:

      1. AWS Access Key: AWS data repository host account Access Key.

      2. AWS Secret Key: AWS data repository host account Secret Key

      3. AWS Region: AWS S3 bucket region.

    • With Use IAM Role enabled:

      1. AWS IAM Role: Enter the actual IAM Role using a full AWS ARN.

      2. AWS Region: AWS S3 bucket region.

  3. On the ADVANCED tab, you can add custom properties.

  4. Using the IMPORT PROPERTIES button, you can browse and import application properties.

  5. Click the TEST CONNECTION button to check if the connection is successful, and then click Save.

Go to PrivaceraCloud > Privacera Discovery > Data Source to add a resources using this connection as Discovery targets. See Privacera Discovery scan targets for quick start steps.