The integration with AWS S3 can be configured in the Wazuh manager (which also behaves as an agent) or directly in a Wazuh agent. This choice merely depends on how you decide to access your AWS infrastructure in your environment.
The Wazuh manager already has all dependencies installed, so these steps are only necessary when configuring the integration in a Wazuh agent.
The required modules can be installed with Pip, the Python package manager. Most UNIX distributions have this tool available in their software repositories, but it can also be installed from sources:
For CentOS/RHEL/Fedora systems:
# yum install python-pip
For Debian/Ubuntu systems:
# apt-get update && apt-get install python-pip
From sources:
# curl -O https://bootstrap.pypa.io/get-pip.py
# python get-pip.py
Boto3 is the official package supported by Amazon to manage AWS resources. It will be used to download the log messages from the S3 Bucket. To install this package, execute the following command:
# pip install boto3