Skip to main content
Sumo Logic

Grant Access for Data Forwarding from Sumo Logic to S3

Before configuring an AWS Source, you'll need to grant Sumo Logic permissions to get objects and object versions, and list object and object versions in your organization's bucket.

This procedure and JSON policy is only to be used for Data Forwarding. To set up an S3 bucket for an AWS Source, see Granting Access to an S3 bucket. After data forwarding is configured, file objects are posted to your configured bucket in the format described in File Format for Data Forwarding to an Amazon S3 Bucket.

To grant Amazon S3 permissions:

  1. Sign in to the AWS Management Console.
  2. On the Amazon Web Services page, click Identity & Access Management.
  3. Click Users
  4. Click Create New Users.
  5. Enter the user name. Make sure that the check box Generate an access key for each user is activated. Then click Create
  6. The user is created. Click Show User Security Credentials to view the Access Key ID and Secret Access Key for this user. Then click Download Credentials to download a .csv file with this information. You'll provide it to Sumo Logic. 
  7. Click Close.
  8. On the Users page, click the User you just created.
  9. Under Permissions, open the Inline Policies section. To create a custom inline policy, click click here
  10. Under Set Permissions, choose Custom Policy, then click Select.
  11. For Policy Name, use "put-s3-access" or something similar, so your organization is aware of why this policy was created. Then, enter the JSON parameters you'd like to use for the policy (see the example in the next section in this topic to copy and paste a recommended policy). Click Continue.
  12. On the Users page, the new policy is displayed. 

Policy JSON 

This procedure and JSON policy is only to be used for Data Forwarding. To set up an S3 bucket for an AWS Source, see Granting Access to an S3 bucket

We recommend using the following JSON to create a policy:

{  
   "Version":"2012-10-17",
   "Statement":[  
      {  
         "Effect":"Allow",
         "Action":[  
            "s3:PutObject"
         ],
         "Resource":[  
            "arn:aws:s3:::your_bucketname/*"
         ]
      }
   ]
}

Managing Access Keys 

While configuring an S3 Source, you'll need to provide Key ID and Secret Key credentials (tokens) toSumo Logic. Security, token, and access settings are handled through Amazon Web Service Identity and Access Management (IAM).