Enable Real-time Scanning of S3 Buckets

To enable realtime scanning of S3 buckets:

  1. To Enable Real-Time Scanning for AWS S3, see Account > Discovery.

  2. To connect a new AWS S3 application, see AWS S3 Application. Alternatively, to edit an existing AWS S3 application, do the following steps:

    1. Go the Setting > Applications.

    2. In the Applications screen, select S3.

    3. Click the pen icon next to the Account Name.

    4. Disable and enable the toggle button to see the configuration screen.

    5. Click the Real-Time Enable toggle button.

    6. Click the clipboard icon to copy the Real-Time Event Name, which will be used to configure event notifications from S3 buckets in the AWS account.

    7. Click SAVE.

  3. Apply access policy in the SQS Queue to allow the S3 bucket to send events. Refer to the AWS documentation for detailed information on configuring access policy steps - Click here

    1. Navigate to SQS Queue and select the queue (test_queue).

    2. Provide the correct Access Policy to SQS queue, so that S3 is allowed to put events into SQS queue. Refer to the following example to apply access policy:

      {
    "Version":"2008-10-17",
    "Id":"__default_policy_ID",
    "Statement":[
        {
        "Sid":"__owner_statement",
        "Effect":"Allow",
        "Principal":{
            "Service":"s3.amazonaws.com",
            "AWS":"arn:aws:iam::111111111111:root"
        },
        "Action":"SQS:*",
        "Resource":"arn:aws:sqs:us-east-1:111111111111:test_queue"
        }
    ]
}

  4. Configure event notifications from S3 buckets to the SQS Queue. See the AWS documentation for detailed information.

    1. Go to the S3 bucket you want to link with the SQS queue.

    2. On the Properties tab, navigate to the Event Notifications section and choose Create event notification.

    3. In the event name, paste the Real-Time Event Name copied from the step 2.e above. And then give a bucket name. For example, test-bucket.

    4. Select the event type as required from Event types.

    5. Select Destination type as SQS Queue, and then choose the SQS queue (test_queue) from the dropdown list.

    6. Click Save Changes.

  5. Include and scan resources from datasource.

    1. Navigate to Discovery > Data Source.

    2. On the Data Source page, click the S3 application that needs to be set up for realtime scanning. The selected S3 application details are displayed.

    3. Click Include Resources tab and ensure that the check mark is displayed when the realtime scanning is enabled.

    4. Click Add to add a resource.

Last update: February 22, 2022