Configuring AWS policy
In AWS, a policy is an object that, when attached to an identity (user, group, or role) or to a resource, defines the permissions of that identity or resource. When a request is made, AWS evaluates the applicable policies to decide whether the request is allowed or denied; a request is denied unless a policy explicitly allows it.
In this section, we describe how to create an AWS policy and how to attach the policy to a group.
Creating an AWS policy
Depending on the AWS service that will be monitored, the AWS IAM user will need a different set of permissions. The permissions required for each AWS service are listed on that service's page in the supported services section.
Follow the steps below on your AWS console to create an AWS policy that collects logs from an S3 bucket.
On the AWS console, search for iam and click IAM from the results.
Click Policies > Create policy.
Switch to JSON view, remove the default statement, and paste the following configuration. Replace <WAZUH_AWS_BUCKET> with the name of the previously created S3 bucket. In this example, the policy allows the IAM user to list the contents of the specified bucket (s3:ListBucket, evaluated against the bucket ARN) and to retrieve objects from it (s3:GetObject, evaluated against the object ARN, which is why the /* resource is also listed). No write or delete permission is granted.

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "GetS3Logs",
          "Effect": "Allow",
          "Action": [
            "s3:GetObject",
            "s3:ListBucket"
          ],
          "Resource": [
            "arn:aws:s3:::<WAZUH_AWS_BUCKET>/*",
            "arn:aws:s3:::<WAZUH_AWS_BUCKET>"
          ]
        }
      ]
    }
Click Next to proceed to the next step.
Click Create policy to create a new policy.
Confirm the policy creation.
Attaching a policy to an IAM user group
After you create a policy, you can attach it to groups, users, or roles. In this guide, we show how to attach the policy to a previously created user group using the AWS console.
On the AWS console, search for iam and click IAM from the results.
Navigate to User groups and click on a previously created group.
Navigate to Permissions, click on Add permissions, then Attach policies.
Search for the policy, select the checkbox next to it, and click Attach policies to attach it to the group.
Confirm the policy is attached to the group.
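The same two procedures, creating the policy and attaching it to a user group, can be scripted with the AWS CLI. The script below is an added example and is not part of the Wazuh documentation or the project's code; it assumes hypothetical names (bucket wazuh-aws-wodle, group wazuh-readers, policy WazuhS3GetLogs), a configured aws CLI, and credentials allowed to call IAM. It builds the policy document from the bucket name, refuses placeholders and wildcards that would silently widen the resource, creates and attaches the policy, and then asks the IAM policy simulator to confirm that the document grants read access only.

```shell
#!/bin/sh
# Added example, not part of the Wazuh documentation: create the policy above and
# attach it to a user group with the AWS CLI instead of the console, then check
# with the IAM policy simulator that it grants nothing beyond read access.
# Assumed (hypothetical) names: bucket wazuh-aws-wodle, group wazuh-readers,
# policy WazuhS3GetLogs. Requires the aws CLI and credentials allowed to call IAM.
set -eu

# Print the policy document for one bucket. s3:ListBucket is evaluated against
# the bucket ARN and s3:GetObject against the object ARN (bucket/*), which is
# why both resources appear in the same statement.
build_policy_document() {
  bucket="$1"
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "GetS3Logs",
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:ListBucket"],
      "Resource": [
        "arn:aws:s3:::${bucket}/*",
        "arn:aws:s3:::${bucket}"
      ]
    }
  ]
}
EOF
}

# Catch the mistakes that would otherwise produce a broken or over-broad policy:
# an empty name, the <WAZUH_AWS_BUCKET> placeholder left in, or a wildcard that
# would widen the resource to every bucket.
valid_bucket_name() {
  case "$1" in
    ""|*"<"*|*">"*|*'"'*|*"*"*|*"?"*) return 1 ;;
    *) return 0 ;;
  esac
}

# Create the managed policy, attach it to the group, and print the policy ARN
# as listed on the group (the scripted form of the final console check).
create_and_attach() {
  bucket="$1"; group="$2"; policy_name="$3"
  valid_bucket_name "$bucket" || { echo "refusing bucket name: '$bucket'" >&2; return 1; }
  doc=$(build_policy_document "$bucket")
  arn=$(aws iam create-policy --policy-name "$policy_name" \
          --policy-document "$doc" --query 'Policy.Arn' --output text)
  aws iam attach-group-policy --group-name "$group" --policy-arn "$arn"
  aws iam list-attached-group-policies --group-name "$group" \
      --query "AttachedPolicies[?PolicyArn=='$arn'].PolicyArn" --output text
}

# Ask the IAM policy simulator what the document allows on objects in the bucket:
# s3:GetObject should come back "allowed", s3:PutObject and s3:DeleteObject
# "implicitDeny". Anything else means the document was edited too broadly.
simulate_policy() {
  bucket="$1"
  doc=$(build_policy_document "$bucket")
  aws iam simulate-custom-policy --policy-input-list "$doc" \
      --action-names s3:GetObject s3:PutObject s3:DeleteObject \
      --resource-arns "arn:aws:s3:::${bucket}/*" \
      --query 'EvaluationResults[].[EvalActionName,EvalDecision]' --output text
}

# Nothing is sent to AWS unless explicitly requested with APPLY_POLICY=1.
if [ "${APPLY_POLICY:-0}" = "1" ]; then
  create_and_attach wazuh-aws-wodle wazuh-readers WazuhS3GetLogs
  simulate_policy wazuh-aws-wodle
fi
```

Run it as APPLY_POLICY=1 sh create-policy.sh; without that variable it only defines the functions, so build_policy_document and valid_bucket_name can be exercised offline. The simulator step is the check worth keeping after any edit to the document: a single extra "allowed" line for s3:PutObject or s3:DeleteObject shows that the collector's credentials could now modify the log bucket.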