Cloud Edge Secure Access Getting Started Guide
Amazon S3
This article describes the Amazon S3 service and how to configure it. Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance. You can configure your SonicWall Cloud Edge data stream to an S3 bucket to have full visibility of your SonicWall Cloud Edge activity.
- Creating a new bucket
- Creating a new IAM Policy
- Creating an AWS Access Key
- Connecting the S3 bucket to SonicWall Cloud Edge
- Dealing with possible error codes
Create a new Bucket
- Open the AWS Management Console and select S3.
- Select Create Bucket.
- Fill in the following information:
  - Bucket name: Enter a name of your choice.
  - Region: Amazon S3 creates buckets in a Region you specify. To optimize latency, minimize costs, or address regulatory requirements, choose any AWS Region that is geographically close to you.
  - Block all public access is checked by default. You may choose to customize it according to your company policy.
- Disable object lock, then select Create bucket.
Create a new IAM Policy
At this point, you can choose to grant the user full access to your S3 buckets (by attaching the appropriate AWS managed policy) or create a new policy that applies only to the SonicWall Cloud Edge bucket. If you choose the first option, you may skip this section.
- Open the AWS Identity and Access Management (IAM) dashboard.
- Go to the Policies tab and select Create policy.
- Paste the following snippet as a JSON file. Replace test with the bucket name, then select Review policy.

  ```json
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Action": "s3:*",
        "Resource": "arn:aws:s3:::test"
      },
      {
        "Effect": "Allow",
        "Action": "s3:*",
        "Resource": "arn:aws:s3:::test/*"
      }
    ]
  }
  ```
The template presented above is scoped to the single bucket that holds SonicWall Cloud Edge's logs, but it still grants a wide variety of permissions on that bucket. If for any reason you choose to limit the list of permissions, make sure that at the very least it includes the permissions shown below:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:ListBucket"],
      "Resource": ["arn:aws:s3:::test"]
    },
    {
      "Effect": "Allow",
      "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"],
      "Resource": ["arn:aws:s3:::test/*"]
    }
  ]
}
```
- Fill in the following information, and then select Create policy.
  - Name: Enter a name of your choice.
  - Description (optional): Let other users in your account know what this policy aims for.
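As an added example (not SonicWall's or AWS's code), the following Python check compares a policy document with the minimum permissions listed above and reports what is missing and what is broader than needed. The function name audit_policy and the sample policies for a bucket named test are assumptions; the check is simplified and ignores Deny statements, NotAction, NotResource and Condition.

```python
import json
from fnmatch import fnmatchcase

# Minimum permissions this article lists, keyed by resource suffix
# ("" = the bucket itself, "/*" = the objects inside it).
REQUIRED = {"": {"s3:ListBucket"},
            "/*": {"s3:PutObject", "s3:GetObject", "s3:DeleteObject"}}

def _as_list(value):
    # IAM accepts a single string/object or a list in these fields.
    return [value] if isinstance(value, (str, dict)) else list(value)

def audit_policy(policy_json, bucket):
    """Return (missing, excess) for a policy meant to cover only `bucket`."""
    arn = f"arn:aws:s3:::{bucket}"  # bucket names are case sensitive
    needed = {(a, arn + sfx) for sfx, acts in REQUIRED.items() for a in acts}
    known = {a.lower() for acts in REQUIRED.values() for a in acts}
    missing, excess = set(needed), []
    for stmt in _as_list(json.loads(policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        # A required (action, resource) pair is granted when one action
        # pattern and one resource pattern in the same statement match it.
        for act, res in needed:
            if (any(fnmatchcase(act.lower(), p.lower()) for p in actions)
                    and any(fnmatchcase(res, r) for r in resources)):
                missing.discard((act, res))
        # Anything beyond the four listed actions or outside the bucket.
        excess += [f"action {p}" for p in actions if p.lower() not in known]
        excess += [f"resource {r}" for r in resources
                   if r not in (arn, arn + "/*")]
    return sorted(missing), excess

# Constructed sample input: the two policies from this article, bucket "test".
BROAD = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "arn:aws:s3:::test"},
    {"Effect": "Allow", "Action": "s3:*", "Resource": "arn:aws:s3:::test/*"}]})
MINIMAL = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:ListBucket"],
     "Resource": ["arn:aws:s3:::test"]},
    {"Effect": "Allow",
     "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"],
     "Resource": ["arn:aws:s3:::test/*"]}]})

if __name__ == "__main__":
    for name, doc in (("broad", BROAD), ("minimal", MINIMAL)):
        print(name, audit_policy(doc, "test"))
```
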
Create an AWS access key
- Open the AWS Identity and Access Management (IAM) dashboard.
- Go to the Users tab and select Add user.
- Fill in the following information, then select Next.
  - Username: Enter a name of your choice.
  - Access type: Select Programmatic access.
- Select Attach existing policies directly and choose the policy you created earlier (if you skipped the previous section, select the S3 full access AWS managed policy). Select Next.
- Add tags you may find useful in identifying the user (optional), then select Next.
- Review and select Create user.
- Copy and save the Access key ID and the Secret access key, then select Close.
Connect the S3 bucket to SonicWall Cloud Edge
- Log in to your SonicWall Cloud Edge Management Platform, navigate to Settings/Integrations, and select Add in the Amazon S3 row.
- Fill in the fields with the values copied in the previous steps (the primary key will be used as your workspace key).
- Select Validate.
Handling possible error codes
Status message | Action required |
---|---|
Success | None |
S3_INVALID_ACCESS_KEY_ID | Make sure you copied the access key ID correctly. |
S3_INVALID_SECRET_ACCESS_KEY | Make sure you copied the secret access key correctly. |
S3_INVALID_BUCKET | Make sure the Bucket name in SonicWall Cloud Edge matches the Bucket name in S3 (case sensitive). |
S3_ACCESS_DENIED_BUCKET | The IAM user doesn't have the required access permissions to the bucket. Make sure to attach the appropriate policy. |