
Privacera Documentation


Configure Audit Access Settings on PrivaceraCloud

Note

Contact Privacera Support to request enabling this feature.

The access audits shown on the Audits page are retained for 90 days in the storage of your PrivaceraCloud account. If you want to keep the access audit records for much longer, you can copy the audit records from PrivaceraCloud storage to your AWS bucket. The copied audit records in your AWS bucket are in ZIP or TAR format.

When you configure the AWS bucket and region, PrivaceraCloud automatically generates an ARN Role. After configuring this setting, you can see the ARN Role in your PrivaceraCloud account. You will use this ARN Role in the policy of your AWS S3 bucket.

When this feature is enabled, you can see the Audit Access Settings section in the Account page.

  1. In the Audit Access Settings section of the Account page:

    1. Click the Backup of Access Audits ( AWS ) toggle button.

      The Privacera Access Audit Configuration dialog appears.

    2. In the dialog, enter a bucket name or a folder path and bucket region.

      Note

      You cannot modify the parameters after saving the bucket name and region.

    3. Click Save Settings. An ARN Role will be generated by PrivaceraCloud.

    4. Click the SHOW DETAILS button to get the ARN Role.

      The Privacera Access Audit Configuration dialog appears.

    5. Under the User Role section, copy the ARN Role.

  2. In the AWS console, add the following bucket policy to your AWS S3 bucket:

    {
        "Id": "Policy1645104586202",
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "Stmt1645104584705",
                "Action": "s3:PutObject",
                "Effect": "Allow",
                "Resource": [
                    "arn:aws:s3:::<bucket_name_or_folder_path>",
                    "arn:aws:s3:::<bucket_name_or_folder_path>/*"
                ],
                "Principal": {
                    "AWS": [
                        "<ARN_ROLE>"
                    ]
                }
            }
        ]
    }

    In the policy above, edit the following information:

    • <bucket_name_or_folder_path>: Add the bucket name or folder path where the audit records will be copied.

    • <ARN_ROLE>: Add the ARN Role copied from the PrivaceraCloud portal.

      For example, arn:aws:iam::9xxxx56xxxx0:role/PRIVACERA_AUDIT_1xxxxx933xxxx2_ROLE.
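The following Python sketch is an added example, not Privacera's code: it fills the policy template above and then checks an existing bucket policy for grants wider than that template (actions other than `s3:PutObject`, a principal that is not a single IAM role, resources outside the configured bucket path). The function names, the `Sid` and the sample bucket and role values are assumptions constructed for illustration.

```python
import re

# IAM role ARN shape: 12-digit account ID, then role/<name>.
ROLE_ARN_RE = re.compile(r"^arn:aws:iam::\d{12}:role/[\w+=,.@/-]+$")


def build_audit_policy(bucket_path, role_arn):
    """Fill the page's policy template; bucket_path is a bucket name or bucket/folder."""
    if not ROLE_ARN_RE.match(role_arn):
        raise ValueError(f"not an IAM role ARN: {role_arn!r}")
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "PrivaceraAuditBackup",  # hypothetical Sid
            "Effect": "Allow",
            "Action": "s3:PutObject",
            "Resource": [f"arn:aws:s3:::{bucket_path}",
                         f"arn:aws:s3:::{bucket_path}/*"],
            "Principal": {"AWS": [role_arn]},
        }],
    }


def as_list(value):
    return value if isinstance(value, list) else [value]


def lint_audit_policy(policy, bucket_path):
    """Return findings where an Allow statement grants more than the template."""
    findings, base = [], f"arn:aws:s3:::{bucket_path}"
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        for key in ("NotAction", "NotPrincipal", "NotResource"):
            if key in stmt:
                findings.append(f"{sid}: {key} makes the grant open-ended")
        for action in as_list(stmt.get("Action", [])):
            if action.lower() != "s3:putobject":
                findings.append(f"{sid}: action {action!r} exceeds s3:PutObject")
        principal = stmt.get("Principal", {})
        arns = [principal] if isinstance(principal, str) else as_list(principal.get("AWS", []))
        for arn in arns or ["<none>"]:
            if not ROLE_ARN_RE.match(arn):
                findings.append(f"{sid}: principal {arn!r} is not a single IAM role")
        for res in as_list(stmt.get("Resource", [])):
            if res != base and not res.startswith(base + "/"):
                findings.append(f"{sid}: resource {res!r} is outside {base}")
    return findings
```

Run `lint_audit_policy` against the policy JSON exported from the bucket before and after later edits; an empty list means every Allow statement stays within the write-only grant shown above.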