
AWS S3

Highly scalable storage system offered by Amazon Web Services.

Written by Micah Spieler
Updated over a year ago

With our AWS S3 integration, you can attach files to evidence directly from your S3 buckets. Using a centralized storage location like S3 helps increase efficiency (one less step in collecting evidence), improve data security (no need to download sensitive files onto your desktop first), and reduce clutter (collect directly from the single source of truth).

Types of evidence you might store in Amazon S3

You can store almost any type of evidence in Amazon S3 and using a centralized storage system like S3 may help you keep your evidence organized as you're collecting it.

S3 is also especially useful for storing system settings, log files, and other evidence used to identify your network and application systems, such as:

  • Access log reviews

  • System settings

  • Network traffic logs

  • Firewall rules

Follow the instructions on this page to get started collecting evidence from Amazon S3.

Step 1: Configure the integration

To configure the integration with AWS S3, someone in your organization will need access to create a new AWS IAM role and policy that give Strike Graph permission to access your bucket and its contents.

IAM Role: an AWS IAM role includes a trust policy associated with Strike Graph and provides us with temporary credentials that grant access only to very specific resources, in this case through a policy with S3 bucket access permissions.

Policy: an AWS policy can be associated with an IAM Role, and grants specific permissions. You will need to create a policy allowing access to an S3 bucket.

To fully complete the process of integrating an S3 bucket with Strike Graph, you will need two pieces of information: the IAM ROLE ARN, and the S3 bucket name.

Create new IAM role in AWS

This role will include a Trust Policy that allows Strike Graph to assume this role, and from there, access the buckets defined in this Role’s policies. You will need two pieces of information to set up the AWS Role and trust policy:

  1. Strike Graph's integration AWS account number

  2. An external ID that is associated with your organization's Strike Graph account.

Both of these values can be found on the Integrations Manager configuration screen, inside the Amazon S3 card.

In your AWS console:

Navigate to Services → IAM and find and click on the "Create role" button.

Under "type of trusted entity" select "Another AWS account".

Click the "Next: Permissions" button in the bottom right to advance to the next screen. This page will allow you to create an associated permissions policy.

Create new Policy in AWS

On the permissions page, click "Create policy" — this will open a new window where users can create a new policy.

Select the JSON tab:

Copy the JSON snippet from the Integrations Manager and paste it into AWS. Replace "INSERTBUCKETNAME" with your desired bucket.

Click next until you reach the Review screen, where you can name the policy and finalize by clicking "Create Policy".

Associate the new Role with the new Policy

Navigate back to the browser window where you left the original Role screen open. Click the refresh symbol and then select your newly created policy.

Click "Next" on the bottom right until you get to the Review screen. Give your new role a meaningful name and description (so you remember its purpose later) and then click "Create role".

Connect the new Role with Strike Graph

Back in Strike Graph:

  1. Navigate to the Integrations Manager and open the Amazon S3 card (if you haven't already). Click the "Connect" or "Add Another" button to create a new integration with Amazon S3.

  2. Paste in the AWS Role ARN and the bucket name that you wish to connect and click "Save".
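Before pasting the Role ARN into Strike Graph, it is worth checking that the two documents you just created in AWS are scoped the way Step 1 describes: the trust policy should let only the Strike Graph integration account assume the role, and only when it presents your organization's external ID, and the permissions policy should reach no further than the one bucket. The following script is an added example, not Strike Graph's own code and not the JSON snippet from the Integrations Manager; the account number 111122223333, the external ID "sg-example-external-id", the bucket name "example-evidence-bucket", and the list of read-only S3 actions it accepts are all constructed for this example. Use the snippet from the Integrations Manager as the source of truth for the actions your integration actually needs.

```python
"""Sanity-check an IAM trust policy and bucket permissions policy before
connecting a role to Strike Graph (added example; values are constructed)."""
import json

# Hypothetical values standing in for the two items shown on the Amazon S3
# card in the Integrations Manager.
INTEGRATION_ACCOUNT_ID = "111122223333"
EXTERNAL_ID = "sg-example-external-id"
BUCKET_NAME = "example-evidence-bucket"

# Constructed trust policy: only the integration account may assume the role,
# and only when it supplies the external ID (AWS's confused-deputy mitigation
# for cross-account roles).
TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{INTEGRATION_ACCOUNT_ID}:root"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": EXTERNAL_ID}},
    }],
})

# Constructed permissions policy scoped to one bucket and read-only actions.
PERMISSIONS_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:ListBucket"],
         "Resource": f"arn:aws:s3:::{BUCKET_NAME}"},
        {"Effect": "Allow", "Action": ["s3:GetObject"],
         "Resource": f"arn:aws:s3:::{BUCKET_NAME}/*"},
    ],
})

# Constructed counter-example: "s3:*" on every resource, the shape the checker
# should reject.
OVERBROAD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}],
})

# Read-only actions this example accepts (an assumption, not the product's
# required list).
READ_ONLY_ACTIONS = {
    "s3:ListBucket", "s3:GetObject", "s3:GetObjectVersion",
    "s3:ListBucketVersions", "s3:GetBucketLocation",
}


def _as_list(value):
    """IAM allows a string or a list in Action/Resource/Principal fields."""
    return value if isinstance(value, list) else [value]


def check_trust_policy(doc: str, account_id: str, external_id: str) -> list:
    """Return a list of problems; empty means the trust policy is sound."""
    problems = []
    found_assume_role = False
    for stmt in json.loads(doc).get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRole" not in _as_list(stmt.get("Action", [])):
            continue
        found_assume_role = True
        principal = stmt.get("Principal", {})
        principals = (_as_list(principal.get("AWS", []))
                      if isinstance(principal, dict) else _as_list(principal))
        if "*" in principals:
            problems.append("trust policy allows any principal to assume the role")
        if not any(isinstance(p, str) and f"arn:aws:iam::{account_id}:" in p
                   for p in principals):
            problems.append(f"trust policy does not name account {account_id}")
        condition = stmt.get("Condition", {}).get("StringEquals", {})
        if condition.get("sts:ExternalId") != external_id:
            problems.append("trust policy lacks the expected sts:ExternalId condition")
    if not found_assume_role:
        problems.append("trust policy has no sts:AssumeRole statement")
    return problems


def check_permissions_policy(doc: str, bucket: str) -> list:
    """Flag actions beyond read-only S3 and resources outside the named bucket."""
    expected_resources = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    problems = []
    for stmt in json.loads(doc).get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            if action not in READ_ONLY_ACTIONS:
                problems.append(f"action {action} goes beyond read-only access")
        for resource in _as_list(stmt.get("Resource", [])):
            if resource not in expected_resources:
                problems.append(f"resource {resource} is not the {bucket} bucket")
    return problems


if __name__ == "__main__":
    for name, problems in (
        ("trust policy", check_trust_policy(TRUST_POLICY, INTEGRATION_ACCOUNT_ID, EXTERNAL_ID)),
        ("permissions policy", check_permissions_policy(PERMISSIONS_POLICY, BUCKET_NAME)),
        ("over-broad policy", check_permissions_policy(OVERBROAD_POLICY, BUCKET_NAME)),
    ):
        print(f"{name}: {'OK' if not problems else problems}")
```

Run it against the JSON you pasted into the AWS console (replace the constructed documents with your own); any non-empty list is a reason to revisit the role before handing its ARN to Strike Graph. The external ID check matters because, without it, any party who learns the integration account number could ask that account to assume your role on their behalf.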

Step 2: Using Amazon S3 to attach files to evidence

Once you have activated an Amazon S3 integration, you can use it to attach files directly from your bucket to your evidence items.

  1. Open the evidence where you want to attach a file

  2. Click on the "Add Attachment" button to open the attachment modal

  3. In the attachment modal, select the integrations tab and then select your Amazon S3 integration from the list

  4. Enter the file key of a file in your bucket that you want to attach, and then click Attach

Supported file types

We support most file types through the S3 integration, see our full list here.

Removing your Amazon S3 integration

You can remove the integration at any time. Please note that removing an integration does not delete any files that were attached using that integration. Removing an integration may also disrupt automated collection.

To remove:

  1. Go to the Integrations Manager and click on the Amazon S3 card to access the integration configurations.

  2. Click the "Deactivate" button next to the bucket name that you would like to deactivate.

Note: You may have access to remove integrations for other users on your team.

Using Automated Collection with AWS S3

With Automated Collection, Strike Graph can recollect evidence attachments from your S3 buckets a few days before expiration so that your evidence remains in an effective 'audit ready' state. More information is available here about configuring Automated Collection for your evidence.

Because the AWS S3 integration collects evidence attachments by a specific file key, Automated Collection will only pick up the most up-to-date copy if you keep that same key current with any changes you intend to be collected automatically. In practice this means enabling S3 versioning on the bucket and overwriting the existing object with the updated copy, rather than uploading it under a new key.

Questions?

Reach out through our chat feature for real-time Customer Success support 8 am - 5 pm PT Monday through Friday.
