- 29 Sep 2024
- 4 Minutes to read
- Print
- DarkLight
- PDF
AWS - Send JSON to S3
- Updated on 29 Sep 2024
- 4 Minutes to read
- Print
- DarkLight
- PDF
AWS - Send JSON to S3 takes the saved query supplied as a trigger (or assets that have been selected in the asset table), creates a JSON file, and sends it to a specific Amazon Simple Storage Service (Amazon S3) bucket.
- Not all asset categories are supported for all Enforcement Actions.
- See Actions supported for Activity Logs, Adapters Fetch History, and Asset Investigation modules.
- See Actions supported for Vulnerabilities.
- See Actions supported for Software.
General Settings
- Action name - The name of this Enforcement Action. The system sets a default name. You can change the name.
- Configure Dynamic Values - Toggle on to enter a Dynamic Value statement. See Creating Enforcement Action Dynamic Value Statements to learn more about Dynamic Value statement syntax.
- Use stored credentials from the AWS adapter -
- If enabled, Axonius will use the AWS adapter connection credentials that match the specified AWS Access Key ID to determine the IAM user/role to be used to send a JSON file to an S3 bucket.
- If disabled:
- If Use attached IAM role is enabled, Axonius will use the EC2 instance (Axonius installed on) attached IAM user/role to send a JSON file to an S3 bucket.
- Else, it will use the IAM user/role associated with the specified IAM Access Key ID and IAM Access Key Secret to send a JSON file to an S3 bucket.
NOTETo use this option, you must successfully configure an AWS adapter connection.
Required Fields
These fields are required to run the Enforcement Action.
Amazon S3 bucket name - Specify the Amazon S3 bucket name for which the file will be sent.
For creating, configuring, and access Amazon S3 buckets, see see Configuring an S3 Bucket to use with Axonius.Compute Node - The Axonius node to use when connecting to the specified host. For more details, see Connecting Additional Axonius Nodes.
Additional Fields
These fields are optional.
Connection and Credentials
When Use stored credentials from the adapter is toggled off, some fields are required to create the connection, while other fields are optional.
- AWS Access Key ID - Specify the AWS Access Key ID to access the Amazon S3 bucket.
- AWS Secret Access Key - Specify the AWS Secret Access Key for the specified AWS Access Key ID.
- If supplied (and both Use stored credentials from the AWS adapter and Use attached IAM role are disabled), Axonius uses the account user credentials to send a JSON file to an S3 bucket.
- If not supplied (and both Use stored credentials from the AWS adapter and Use attached IAM role are disabled), Axonius will fail any execution of this action.
- Use attached IAM role
- If enabled (and Use stored credentials from the AWS adapter is disabled), Axonius will use the EC2 instance (Axonius installed on) attached IAM to be used to send a JSON file to an S3 bucket.
- If disabled (and Use stored credentials from the AWS adapter is disabled), Axonius will use the supplied account details in the IAM Access Key ID and IAM Access Key Secret to send a JSON file to an S3 bucket.
NOTEThis option will be ignored if Use stored credentials from the AWS adapter is enabled.
- AWS region (default: us-east-1) - Specify the region name the Amazon S3 located.
- If supplied, PutObject operation will be done on the supplied Amazon S3 details in the supplied region.
- If not supplied, PutObject operation will be done on the supplied Amazon S3 details in 'us-east-1'.
NOTEThis option will be ignored if Use stored credentials from the AWS adapter is enabled.
- HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.
- Amazon S3 object location (key) - Specify the S3 object key to store a JSON file that contains the entities derived from the saved query supplied as a trigger (or entities that have been selected in the asset table).
- If supplied, the JSON file path and name will be stored in the specified object key. For example, if reports/axonius is specified, the file path and name will be reports/axonius.json.
- If not supplied, the JSON file will be stored as axonius_enforcement_center_data.json.
- Append date and time to file name
- If enabled, the date and time (in UTC) of enforcement action execution will be added as a suffix to the generated JSON file name. For example, axonius_2020-01-06-16:48:13.json.
- If disabled, the JSON file will be stored based on the specified/default object key.
- Override file if exists - choose to store the generated JSON file even if a JSON file with the same name already exists.
- If enabled, the generated JSON file will be stored even if a JSON file with the exact name already exists.
- If disabled, the generated JSON file will be not be stored if a JSON file with the exact name already exists. As a result, the Enforcement action will fail.
- Always export aggregated fields as arrays - Select this option to always represent aggregated fields as arrays in the JSON file that is created.
Required Permissions
The values supplied in AWS Access Key ID and AWS Access Key Secret or the EC2 instance (Axonius installed on) attached IAM role account must have the following permissions:
- s3:PutObject
- s3:GetObject
- s3:ListAllMyBuckets
- s3:ListBucket
- s3:PutObjectTagging
- s3:DeleteObject
- s3:HeadBucket
If the target S3 bucket is encrypted with a KMS key: then the kms:GenerateDataKey permission is also required.
Those permissions must be added to a policy attached to relevant IAM user account.
For details on creating an IAM user and attaching policies, see Connecting the Amazon Web Services (AWS) Adapter.
For more details about other Enforcement Actions available, see Action Library.