.png?sv=2022-11-02&spr=https&st=2024-07-27T04%3A31%3A41Z&se=2024-07-27T04%3A41%3A41Z&sr=c&sp=r&sig=mhMkT6SNoV0BD%2BE8lCvt0PRiB91s4dCYnh7BLXJ98ao%3D){kind=logo}
AWS - Send JSON to S3
- 30 Jun 2024
- 5 Minutes to read
- Print
- DarkLight
- PDF
AWS - Send JSON to S3
- Updated on 30 Jun 2024
- 5 Minutes to read
- Print
- DarkLight
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
AWS - Send JSON to S3 takes the saved query supplied as a trigger (or assets that have been selected in the asset table), creates a JSON file, and sends it to a specific Amazon Simple Storage Service (Amazon S3) bucket.
See Creating Enforcement Sets to learn more about adding Enforcement Actions to Enforcement Sets.
General Settings
- Enforcement Set name (required) - The name of the Enforcement Set. A default value is added by Axonius. You can change the name according to your needs.
- Add description - Click to add a description of the Enforcement Set. It is recommended to describe what the Enforcement Set does.
- Run action on assets matching following query (required) - Select an asset category and a query. The Enforcement Action will be run on the assets that match the query parameters.
- A query only returns results for the asset type it was created for.
- Not all asset categories are supported for all Enforcement Actions.
- See Actions supported for Activity Logs, Adapters Fetch History, and Asset Investigation modules.
- See Actions supported for Vulnerabilities.
- See Actions supported for Software.
- Action name (required) - The name of the Main action. A default value is added by Axonius. You can change the name according to your needs.
- Configure Dynamic Values - Toggle on to enter a Dynamic Value statement. See Creating Enforcement Action Dynamic Value Statements to learn more about Dynamic Value statement syntax.
- Use stored credentials from the AWS adapter -
- If enabled, Axonius will use the AWS adapter connection credentials that match the specified AWS Access Key ID to determine the IAM user/role to be used to send a JSON file to an S3 bucket.
- If disabled:
- If Use attached IAM role is enabled, Axonius will use the EC2 instance (Axonius installed on) attached IAM user/role to send a JSON file to an S3 bucket.
- Else, it will use the IAM user/role associated with the specified IAM Access Key ID and IAM Access Key Secret to send a JSON file to an S3 bucket.
NOTETo use this option, you must successfully configure an AWS adapter connection.
Required Fields
These fields are required to run the Enforcement Action.
Amazon S3 bucket name - Specify the Amazon S3 bucket name for which the file will be sent.
For creating, configuring, and access Amazon S3 buckets, see see Configuring an S3 Bucket to use with Axonius.Compute Node - The Axonius node to use when connecting to the specified host. For more details, see Connecting Additional Axonius Nodes.
Additional Fields
These fields are optional.
Connection Parameters
If Use stored credentials from the YYY adapter is disabled, these fields are required:
- AWS Access Key ID - Specify the AWS Access Key ID to access the Amazon S3 bucket.
- AWS Secret Access Key - Specify the AWS Secret Access Key for the specified AWS Access Key ID.
- If supplied (and both Use stored credentials from the AWS adapter and Use attached IAM role are disabled), Axonius uses the account user credentials to send a JSON file to an S3 bucket.
- If not supplied (and both Use stored credentials from the AWS adapter and Use attached IAM role are disabled), Axonius will fail any execution of this action.
- Use attached IAM role
- If enabled (and Use stored credentials from the AWS adapter is disabled), Axonius will use the EC2 instance (Axonius installed on) attached IAM to be used to send a JSON file to an S3 bucket.
- If disabled (and Use stored credentials from the AWS adapter is disabled), Axonius will use the supplied account details in the IAM Access Key ID and IAM Access Key Secret to send a JSON file to an S3 bucket.
NOTEThis option will be ignored if Use stored credentials from the AWS adapter is enabled.
- AWS region (default: us-east-1) - Specify the region name the Amazon S3 located.
- If supplied, PutObject operation will be done on the supplied Amazon S3 details in the supplied region.
- If not supplied, PutObject operation will be done on the supplied Amazon S3 details in 'us-east-1'.
NOTEThis option will be ignored if Use stored credentials from the AWS adapter is enabled.
HTTPS Proxy - Connect the adapter to a proxy instead of directly connecting it to the domain.
- Amazon S3 object location (key) - Specify the S3 object key to store a JSON file that contains the entities derived from the saved query supplied as a trigger (or entities that have been selected in the asset table).
- If supplied, the JSON file path and name will be stored in the specified object key. For example, if reports/axonius is specified, the file path and name will be reports/axonius.json.
- If not supplied, the JSON file will be stored as axonius_enforcement_center_data.json.
- Append date and time to file name
- If enabled, the date and time (in UTC) of enforcement action execution will be added as a suffix to the generated JSON file name. For example, axonius_2020-01-06-16:48:13.json.
- If disabled, the JSON file will be stored based on the specified/default object key.
- Override file if exists - choose to store the generated JSON file even if a JSON file with the same name already exists.
- If enabled, the generated JSON file will be stored even if a JSON file with the exact name already exists.
- If disabled, the generated JSON file will be not be stored if a JSON file with the exact name already exists. As a result, the Enforcement action will fail.
- Always export aggregated fields as arrays - Select this option to always represent aggregated fields as arrays in the JSON file that is created.
Required Permissions
The values supplied in AWS Access Key ID and AWS Access Key Secret or the EC2 instance (Axonius installed on) attached IAM role account must have the following permissions:
- s3:PutObject
- s3:GetObject
- s3:ListAllMyBuckets
- s3:ListBucket
- s3:PutObjectTagging
- s3:DeleteObject
- s3:HeadBucket
If the target S3 bucket is encrypted with a KMS key: then the kms:GenerateDataKey permission is also required.
Those permissions must be added to a policy attached to relevant IAM user account.
For details on creating an IAM user and attaching policies, see Connecting the Amazon Web Services (AWS) Adapter.
For more details about other Enforcement Actions available, see Action Library.
Was this article helpful?