Send JSON to Amazon S3
  • 25 May 2022
  • 4 Minutes to read
  • Dark
    Light
  • PDF

Send JSON to Amazon S3

  • Dark
    Light
  • PDF

The Send JSON to Amazon S3 action takes the saved query supplied as a trigger (or entities that have been selected in the asset table), creates a JSON file, and sends it to a specific Amazon Simple Storage Service (Amazon S3) bucket.

To configure the Send JSON to Amazon S3 action, from the Action Library, click Notify, and then click Send JSON to Amazon S3.

Connection Settings

Click to view Connection Settings
  1. Use stored credentials from the AWS adapter (required, default: False) -
    • If enabled, Axonius will use the AWS adapter connection credentials that match the specified AWS Access Key ID to determine the IAM user/role to be used to send a JSON file to an S3 bucket.
    • If disabled:
      • If Use attached IAM role is enabled, Axonius will use the EC2 instance (Axonius installed on) attached IAM user/role to send a JSON file to an S3 bucket.
      • Else, it will use the IAM user/role associated with the specified IAM Access Key ID and IAM Access Key Secret to send a JSON file to an S3 bucket.
    NOTE
    To use this option, you must successfully configure an AWS adapter connection.
  2. AWS Access Key ID (required, default: empty) - Specify the AWS Access Key ID to access the Amazon S3 bucket.
  3. AWS Secret Access Key (optional, default: empty) - Specify the AWS Secret Access Key for the specified AWS Access Key ID.
    • If supplied (and both Use stored credentials from the AWS adapter and Use attached IAM role are disabled), Axonius uses the account user credentials to send a JSON file to an S3 bucket.
    • If not supplied (and both Use stored credentials from the AWS adapter and Use attached IAM role are disabled), Axonius will fail any execution of this action.
  4. Use attached IAM role (required, default: False)
    • If enabled (and Use stored credentials from the AWS adapter is disabled), Axonius will use the EC2 instance (Axonius installed on) attached IAM to be used to send a JSON file to an S3 bucket.
    • If disabled (and Use stored credentials from the AWS adapter is disabled), Axonius will use the supplied account details in the IAM Access Key ID and IAM Access Key Secret to send a JSON file to an S3 bucket.
    NOTE

    This option will be ignored if Use stored credentials from the AWS adapter is enabled.

  5. AWS region (optional, default: us-east-1) - Specify the region name the Amazon S3 located.
    • If supplied, PutObject operation will be done on the supplied Amazon S3 details in the supplied region.
    • If not supplied, PutObject operation will be done on the supplied Amazon S3 details in 'us-east-1'.
    NOTE

    This option will be ignored if Use stored credentials from the AWS adapter is enabled.

  6. HTTPS proxy (optional, default: empty) - A proxy to use when connecting to the AWS APIs.
    • If supplied, Axonius will utilize the proxy when connecting to the Amazon S3 bucket.
    • If not supplied, Axonius will connect directly to the Amazon S3 bucket.

Action Settings

Click to view Action Settings
  1. Amazon S3 bucket name (required, default: empty) - Specify the Amazon S3 bucket name for which the file will be sent.
    For creating, configuring, and access Amazon S3 buckets, see see Configuring an S3 Bucket to use with Axonius.
  2. Amazon S3 object location (key) (optional, default: empty) - Specify the S3 object key to store a JSON file that contains the entities derived from the saved query supplied as a trigger (or entities that have been selected in the asset table).
    • If supplied, the JSON file path and name will be stored in the specified object key. For example, if reports/axonius is specified, the file path and name will be reports/axonius.json.
    • If not supplied, the JSON file will be stored as axonius_enforcement_center_data.json.
  3. Append date and time to file name (required, default: False)
    • If enabled, the date and time (in UTC) of enforcement action execution will be added as a suffix to the generated JSON file name. For example, axonius_2020-01-06-16:48:13.json.
    • If disabled, the JSON file will be stored based on the specified/default object key.
  4. Override file if exists (required, default: False) - choose to store the generated JSON file even if a JSON file with the same name already exists.
    • If enabled, the generated JSON file will be stored even if a JSON file with the exact name already exists.
    • If disabled, the generated JSON file will be not be stored if a JSON file with the exact name already exists. As a result, the Enforcement action will fail.

Required Permissions

Click to view Required Permissions

The values supplied in AWS Access Key ID and AWS Access Key Secret or the EC2 instance (Axonius installed on) attached IAM role account must have the following permissions:

  • s3:PutObject
  • s3:GetObject
  • s3:ListAllMyBuckets
  • s3:ListBucket
  • s3:PutObjectTagging
  • s3:DeleteObject
  • s3:HeadBucket

Those permissions must be added to a policy attached to relevant IAM user account.


For details on creating an IAM user and attaching policies, see Connecting the Amazon Web Services (AWS) Adapter.


To learn more about configuring Enforcement Sets, see Configuring Enforcement Sets.


What's Next
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.