Skip to main content
Sumo Logic

Grant Access to an AWS S3 Bucket

Before configuring an AWS Source, you'll need to grant Sumo Logic permissions to get objects and object versions, and list object and object versions in your organization's bucket.

To grant Amazon S3 permissions:

  1. Create an IAM user in AWS. For more information about this, refer to the appropriate section of the AWS User Guide.
    1. Save the Access Key ID and Secret Access Key credentials. You will need to provide these in Sumo Logic.
  2. Create a Custom Policy for the new IAM user. Refer to the Access Policies section of the AWS User Guide. Use the following JSON policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:GetObject",
"s3:GetObjectVersion",
"s3:ListBucketVersions",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::your_bucketname/*","arn:aws:s3:::your_bucketname" ]
}
]
}

All Action parameters shown are required. And make sure to enter the actual name of your S3 bucket to the Resource line of JSON.

Managing Access Keys

In addition, while configuring an S3 Source, you'll need to provide Key ID and Secret Key credentials (tokens) to Sumo Logic. Security, token, and access settings are handled through Amazon Web Service Identity & Access Management.

For instructions on using Identity & Access Management, see AWS Identity and Access Management (IAM) to learn about the options available to your organization.