
Grant Access to an AWS S3 Bucket

This page has instructions for granting access to an AWS S3 bucket, which is a prerequisite for creating any Sumo AWS source. 

IAM User Policy

Before configuring an AWS Source, you'll need to grant Sumo Logic permissions to get objects and object versions, and to list objects and object versions, in your organization's bucket.

To grant Amazon S3 permissions:

  1. Create an IAM user in AWS. For more information about this, refer to the appropriate section of the AWS User Guide.
    1. Save the Access Key ID and Secret Access Key credentials. You will need to provide these in Sumo Logic.
  2. Create a Custom Policy for the new IAM user. Refer to the Access Policies section of the AWS User Guide. Use the following JSON policy:

All of the Action parameters shown above are required.

Replace the "your_bucketname" placeholders in the Resource section of the JSON policy with your actual S3 bucket name.
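As an added example (not Sumo Logic's published policy or code), the Python below builds a read-only policy matching the permissions described above for one bucket, and audits a candidate policy for missing or broader-than-needed grants before it is attached to the IAM user. The mapping of those permissions to the four S3 action names, and the function names, are assumptions of this example.

```python
import json
from fnmatch import fnmatchcase

# Assumed mapping of the permissions described on this page to S3 IAM actions.
REQUIRED_ACTIONS = {
    "s3:GetObject",           # get objects
    "s3:GetObjectVersion",    # get object versions
    "s3:ListBucket",          # list objects
    "s3:ListBucketVersions",  # list object versions
}


def bucket_arns(bucket):
    # ListBucket* apply to the bucket ARN, GetObject* to the objects under it.
    return [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"]


def build_policy(bucket):
    """Return a read-only policy document scoped to a single bucket."""
    statement = {"Effect": "Allow", "Action": sorted(REQUIRED_ACTIONS),
                 "Resource": bucket_arns(bucket)}
    return {"Version": "2012-10-17", "Statement": [statement]}


def _as_list(value):
    # IAM accepts either a single item or a list for Statement/Action/Resource.
    return [value] if isinstance(value, (str, dict)) else list(value)


def audit_policy(policy, bucket):
    """Return findings: over-broad actions, out-of-scope resources, missing actions."""
    findings, granted = [], set()
    required_lower = {a.lower() for a in REQUIRED_ACTIONS}
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            pattern = action.lower()  # IAM action names are case-insensitive
            granted |= {r for r in REQUIRED_ACTIONS if fnmatchcase(r.lower(), pattern)}
            if pattern not in required_lower:
                findings.append(f"broader than required: {action}")
        for resource in _as_list(stmt.get("Resource", [])):
            if resource not in bucket_arns(bucket):
                findings.append(f"resource outside bucket: {resource}")
    for missing in sorted(REQUIRED_ACTIONS - granted):
        findings.append(f"missing required action: {missing}")
    return findings


if __name__ == "__main__":
    print(json.dumps(build_policy("your_bucketname"), indent=2))
```

An empty list from `audit_policy` means the policy grants exactly the four read actions on the named bucket and nothing else.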

KMS Key Policy for Server Side Encrypted Data

To collect data from encrypted sources, such as encrypted CloudTrail logs, you'll also need to add the appropriate access to the KMS resources in the inline policy for the IAM user you created in the example above, and add that user to the Key Policy. See Example Key Policy for more information.

Managing Access Keys

In addition, while configuring an S3 Source, you'll need to provide Key ID and Secret Key credentials (tokens) to Sumo Logic. Security, token, and access settings are handled through Amazon Web Services Identity & Access Management.

For instructions on using Identity & Access Management and the options available to your organization, see AWS Identity and Access Management (IAM).