Guides

Features

Advanced

Integrating ALTR Notifications with AWS S3

S3 Integration for External Delivery of Data Usage and Anomaly Information

Your ALTR Organization can be configured to send data usage and Anomaly Information to a client-owned AWS S3 bucket. The S3 integration configuration must follow the below requirements and recommendations:

  • For optimal performance, ensure your S3 bucket is located in the US East (N. Virginia) us-east-1 Region.
  • Ensure the IAM role begins with "ALTRPublishSIEMData". For example. A valid IAM role name may be “ALTRPublishSIEMDataAcmeCorp”. You can replace “AcmeCorp” with your company’s name.
  • Create the IAM Policy first then create the IAM role. This makes it easier to assign the IAM policy to the role during the role creation process.

Configure the S3 Bucket

You can create your S3 bucket to receive the ALTR consumption and anomaly information. Creating an S3 bucket with all the default configurations will suffice.

Follow these steps to configure the S3 bucket.

  1. Login to the AWS console name and create a bucket in the US East (N. Virginia) us-east-1 region.
  2. Accept all default values for bucket creation.
  3. Once the bucket is configured, contact your ALTR representative to provide and receive the following information:
    a. ALTR AWS Account ID

Create IAM Policy

In order to authorize your ALTR client to put objects into the S3 bucket you must create an IAM policy granting the s3:PutObject action. Follow the steps below to create the IAM policy.

  1. Login to the AWS console.
  2. In the Finder Services text box, type the IAM keyword.
  3. Click on the IAM keyword and click on the Policies menu item.
  4. Click on the Create Policy button.
  5. Click on JSON tab and insert the policy below replacing the configuration item with the name of the bucket you created in previous steps.
  6. Click on the Review Policy button.
  7. Name the policy, for example “acme.s3.policy”.
  8. Click on the Create Policy button to create the policy.
  9. You should now see it listed as one of the available policies.

IAM Policy Example

Copy Snippet

Configure IAM Role

The ALTR DB platform will use an IAM Role to ensure it has authorization to write objects into the S3 bucket. This IAM Role will have the IAM Policy attached for granting the appropriate permissions.

Follow these steps to create the IAM role and attach the IAM Policy.

  1. Log in to the AWS console.
  2. Click on the Create a Role button.
  3. Select the s3 use case and click on the Next Permissions button.
  4. Search for your newly created IAM policy and click on the check box next to its name.
  5. Click on the Next:tags button.
  6. Click on the Next:Review button.
  7. Insert a role name.  The name must start with 'ALTRPublishSIEMData. For example: “ALTRPublishSIEMDataMyRoleName”.
  8. Click on the Create Role button.
  9. Attach the IAM policy you created in the previous steps to the role.
  10. Save the role.
    Open the newly created role, click on the Trust Relationships tab, and click on the Edit Trust Relationship button. Insert the following JSON document replacing the text between “< >” with your account ID and client ID. Please contact your ALTR representative for your ALTR account ID. Please follow the steps in the Retrieving Client ID section to retrieve your client ID.
  11. Copy the role’s ARN to a temporary location. You will need this ARN in the Configure S3 Integration in ALTR Portal.
Copy Snippet

Configure S3 Integration in the ALTR Portal

In order to send consumption logs and anomalies to your S3 bucket, you must configure the organization settings via the ALTR DB portal. Follow these steps to configure and test the integration with your S3 bucket:

  1. Log in to the ALTR DB portal.
  2. Expand the Settings menu item.
  3. Click on the Preferences menu item.
  4. Click on the Organization tab.
  5. Insert your bucket name into the S3 Integration “S3 Bucket Name” field.
  6. Copy the IAM Role’s ARN you saved from previous steps and paste it into the “ARN for IAM Role” field.
  7. Click on Test Access. You will receive a success message.
  8. You now have options of what data to send. You can activate both the “Anomalies” and “Query Audits” or disable either option.

Retrieving the Client ID

The Client ID necessary to configure the S3 integration can be retrieved by logging into the ALTR portal. Below are the steps to retrieve the Client ID.

  1. Log in to the ALTR portal.
  2. Expand the Settings menu item.
  3. Click on the Preferences menu item and select the Organization tab.
  4. You will find the Client ID in the S3 Integration section. It will look like the following: “The Client ID you will need to use to configure your S3 IAM Role is: 180dc006-f849-43b4-baa0-44957dd7689f”
    TABLE OF CONTENTS
    S3 Integration for External Delivery of Data Usage and Anomaly Information
  5. Configure the S3 Bucket
    IAM Policy Example
  6. Configure the IAM Role.
  7. Configure the S3 Integration in the ALTR Portal.
  8. Retrieve the Client ID.

First section of content
Copy Code Snippet