Send JSON to Amazon S3
  • 4 Minutes To Read
  • Print
  • Share
  • Dark
    Light

Send JSON to Amazon S3

  • Print
  • Share
  • Dark
    Light

The Send JSON to Amazon S3 action takes the saved query supplied as a trigger (or entities that have been selected in the asset table), creates a JSON file, and sends it to a specific Amazon Simple Storage Service (Amazon S3) bucket.

To configure the Send JSON to Amazon S3 action, from the Action Library, click Notify, and then click Send JSON to Amazon S3.

image.png

image.png

Connection Settings

  1. Use stored credentials from the AWS adapter (required, default: False) -
    • If enabled, Axonius will use the AWS adapter connection credentials that match the specified AWS Access Key ID to determine the IAM user/role to be used to send a JSON file to an S3 bucket.
    • If disabled:
      • If Use attached IAM role is enabled, Axonius will use the EC2 instance (Axonius installed on) attached IAM user/role to send a JSON file to an S3 bucket.
      • Else, it will use the IAM user/role associated with the specified IAM Access Key ID and IAM Access Key Secret to send a JSON file to an S3 bucket.
NOTE
To use this option, you must successfully configure an AWS adapter connection.
  1. AWS Access Key ID (required, default: empty) - Specify the AWS Access Key ID to access the Amazon S3 bucket.
  2. AWS Secret Access Key (optional, default: empty) - Specify the AWS Secret Access Key for the specified AWS Access Key ID.
    • If supplied (and both Use stored credentials from the AWS adapter and Use attached IAM role are disabled), Axonius uses the account user credentials to send a JSON file to an S3 bucket.
    • If not supplied (and both Use stored credentials from the AWS adapter and Use attached IAM role are disabled), Axonius will fail any execution of this action.
  3. Use attached IAM role (required, default: False)
    • If enabled (and Use stored credentials from the AWS adapter is disabled), Axonius will use the EC2 instance (Axonius installed on) attached IAM to be used to send a JSON file to an S3 bucket.
    • If disabled (and Use stored credentials from the AWS adapter is disabled), Axonius will use the supplied account details in the IAM Access Key ID and IAM Access Key Secret to send a JSON file to an S3 bucket.
    NOTE

    This option will be ignored if Use stored credentials from the AWS adapter is enabled.

  4. AWS region (optional, default: us-east-1) - Specify the region name the Amazon S3 located.
    • If supplied, PutObject operation will be done on the supplied Amazon S3 details in the supplied region.
    • If not supplied, PutObject operation will be done on the supplied Amazon S3 details in 'us-east-1'.
    NOTE

    This option will be ignored if Use stored credentials from the AWS adapter is enabled.

  5. HTTPS proxy (optional, default: empty) - A proxy to use when connecting to the AWS APIs.
    • If supplied, Axonius will utilize the proxy when connecting to the Amazon S3 bucket.
    • If not supplied, Axonius will connect directly to the Amazon S3 bucket.
  6. Amazon S3 bucket name (required, default: empty) - Specify the Amazon S3 bucket name for which the file will be sent.
    For creating, configuring, and access Amazon S3 buckets, see Working with Amazon S3 Buckets in AWS online help.
  7. Amazon S3 object location (key) (optional, default: empty) - Specify the S3 object key to store a JSON file that contains the entities derived from the saved query supplied as a trigger (or entities that have been selected in the asset table).
    • If supplied, the JSON file path and name will be stored in the specified object key. For example, if reports/axonius is specified, the file path and name will be reports/axonius.json.
    • If not supplied, the JSON file will be stored as axonius_enforcement_center_data.json.
  8. Append date and time to file name (required, default: False)
    • If enabled, the date and time (in UTC) of enforcement action execution will be added as a suffix to the generated JSON file name. For example, axonius_2020-01-06-16:48:13.json.
    • If disabled, the JSON file will be stored based on the specified/default object key.
  9. Override file if exists (required, default: False) - choose to store the generated JSON file even if a JSON file with the same name already exists.
    • If enabled, the generated JSON file will be stored even if a JSON file with the exact name already exists.
    • If disabled, the generated JSON file will be not be stored if a JSON file with the exact name already exists. As a result, the Enforcement action will fail.
  10. Instance name (required) - The Axonius node to utilize when connecting to the specified host. For more details, see Connecting Additional Axonius Nodes.

Required Permissions

The values supplied in AWS Access Key ID and AWS Access Key Secret or the EC2 instance (Axonius installed on) attached IAM role account must have the following permissions:

  • s3:PutObject
  • s3:GetObject
  • s3:ListAllMyBuckets
  • s3:ListBucket
  • s3:PutObjectTagging
  • s3:DeleteObject
  • s3:HeadBucket

Those permissions must be added to a policy attached to relevant IAM user account.
For details on creating an IAM user and attaching policies, see Connecting the Amazon Web Services (AWS) Adapter.



For more details on other Enforcement available actions, see Action Library.
For more details on Enforcement Set configurations, see Enforcement Set configuration.

Was This Article Helpful?