Access
To access your cold storage, you need an AWS token that grants permission on the AWS S3 bucket of your environment. This token can be generated using the Wazuh Cloud API.
Note
See the Wazuh Cloud CLI section to learn how to list and download your cold storage automatically.
The following example describes the steps to follow to list the files of your cold storage:
Before your start using the Wazuh Cloud API, you need an API key. To generate your API key, see the Authentication section.
Use the
POST /storage/token
endpoint of the Wazuh Cloud API to get the AWS token and access the cold storage of a specific environment. In this example, we generate an AWS token valid for 3600 seconds for environment 0123456789ab.curl -XPOST https://api.cloud.wazuh.com/v2/storage/token -H "x-api-key: <your_api_key>" -H "Content-Type: application/json" --data ' { "environment_cloud_id": "0123456789ab", "token_expiration": "3600" }'
{ "environment_cloud_id": "0123456789ab", "aws": { "s3_path": "wazuh-cloud-cold-us-east-1/0123456789ab", "region": "us-east-1", "credentials": { "access_key_id": "mUdT2dBjlHd...Gh7Ni1yZKR5If", "secret_access_key": "qEzCk63a224...5aB+e4fC1BR0G", "session_token": "MRg3t7HIuoA...4o4BXSAcPfUD8", "expires_in": 3600 } } }
Using the AWS-CLI tool to list the files, add the token to the AWS credentials file
~/.aws/credentials
.[wazuh_cloud_storage] aws_access_key_id = mUdT2dBjlHd...Gh7Ni1yZKR5If aws_secret_access_key = qEzCk63a224...5aB+e4fC1BR0G aws_session_token = MRg3t7HIuoA...4o4BXSAcPfUD8
Run the following command to list your files.
$ aws --profile wazuh_cloud_storage --region us-east-1 s3 ls wazuh-cloud-cold-us-east-1/0123456789ab
You now have access to your cold storage.