Before you begin, please review our Log Pipeline article if you have not already!
There are two ways to add an Amazon S3 Bucket. To start either:
Click the Add New Destination button on the Log Pipeline / Log Destinations page.
Select AWS S3 Bucket from the dropdown.
Select your preferred authentication method:
Authentication method 1:
Grant Kolide Access with STS (this is the more secure option):
Provide a Display Name for your bucket. This will help you differentiate it from your other configured log destinations.
Provide the AWS S3 Bucket Name for your desired bucket.
Provide the AWS S3 Role ARN, which have permissions to write to the bucket.
Specify IAM Access Key ID & Secret Access Key:
Provide the IAM credentials and Bucket Name for your desired bucket.
Choose whether to send either or both Status Logs and Result Logs.
Regardless of which authentication you choose, the IAM Role or IAM user account will need the following S3 permissions on the bucket specified in the form
These permissions allow K2 to verify the existence of the bucket, check the state of the objects inside, and put new objects in the bucket as logs are emitted.