Cloud Edge Secure Access Getting Started Guide

Amazon S3

This article describes the Amazon S3 service and how to configure it. Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance. You can configure your SonicWall Cloud Edge data stream to an S3 bucket to have full visibility of your SonicWall Cloud Edge activity.

  • Creating a new bucket
  • Creating a new IAM Policy
  • Creating an AWS Access Key
  • Connecting the S3 bucket to SonicWall Cloud Edge
  • Dealing with possible error codes

Create a new Bucket

  1. Open the AWS Management Console and select S3.

  2. Select Create Bucket.


  3. Fill in the following information:


  • Bucket name: Enter a name of your choice.
  • Region: Amazon S3 creates buckets in a Region you specify. To optimize latency, minimize costs, or address regulatory requirements, choose any AWS Region that is geographically close to you.


  • Block all public access is checked by default. You may choose to customize it according to your company policy.


  • Disable object lock, then select Create bucket.

Create a new IAM Policy

At this point, you can choose to grant the user full access to your S3 buckets (by attaching the appropriate AWS managed policy) or create a new policy that applies only to the SonicWall Cloud Edge bucket. If you choose the first option, you may skip this section.

  1. Open the AWS Identity and Access Management (IAM) dashboard.
  2. Go to the Policies tab and select Create policy.
  3. Paste the following snippet as a JSON file. Replace test with the bucket name, then select Review policy.


    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": "s3:*",
          "Resource": "arn:aws:s3:::test"
        },
        {
          "Effect": "Allow",
          "Action": "s3:*",
          "Resource": "arn:aws:s3:::test/*"
        }
      ]
    }
    
    

    The template above is scoped to the single bucket that holds SonicWall Cloud Edge's logs, but it still grants every S3 action on that bucket. If you choose to limit the list of permissions, make sure that at the very least it includes the actions shown below:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": ["s3:ListBucket"],
          "Resource": ["arn:aws:s3:::test"]
        },
        {
          "Effect": "Allow",
          "Action": [
            "s3:PutObject",
            "s3:GetObject",
            "s3:DeleteObject"
          ],
          "Resource": ["arn:aws:s3:::test/*"]
        }
      ]
    }
    
    



  4. Fill in the following information, and then select Create policy.

    • Name: Enter a name of your choice.
    • Description (optional): Let other users in your account know what this policy aims for.
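
The check below is an added example, not part of the SonicWall guide or of any AWS tool. It audits a policy document against the minimum permissions listed in step 3 and reports wildcard actions and misplaced resources. The function name `audit_policy` and the three sample policies are constructed for illustration, and only `Allow` statements with exact bucket ARNs are evaluated.

```python
import json
from fnmatch import fnmatchcase

# Minimum actions the guide lists, keyed by the ARN suffix they must sit on:
# "" is the bucket itself, "/*" is every object inside it.
REQUIRED = {"": ["s3:ListBucket"],
            "/*": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"]}

def _listify(value):
    # IAM accepts a single string/object or a list for these fields.
    return value if isinstance(value, list) else [value]

def audit_policy(policy_json, bucket):
    """Return (missing, findings) for a policy meant to cover one bucket."""
    base = "arn:aws:s3:::" + bucket
    granted = {"": [], "/*": []}
    findings = []
    for stmt in _listify(json.loads(policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue  # simplification: Deny/NotAction/Condition are not evaluated
        actions = _listify(stmt.get("Action", []))
        for resource in _listify(stmt.get("Resource", [])):
            suffix = resource[len(base):] if resource.startswith(base) else None
            if suffix not in granted:
                findings.append("resource outside bucket: " + repr(resource))
                continue
            granted[suffix].extend(actions)
            findings += ["wildcard action %s on %s" % (a, resource)
                         for a in actions if "*" in a]
    missing = sorted(
        "%s on %s%s" % (need, base, suffix)
        for suffix, needs in REQUIRED.items() for need in needs
        if not any(fnmatchcase(need.lower(), a.lower()) for a in granted[suffix]))
    return missing, findings

# Constructed samples. BROAD and MINIMAL follow the guide's two templates for a
# bucket named "test"; MISPLACED puts object actions on the bucket ARN.
def _policy(*pairs):
    return json.dumps({"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": a, "Resource": r} for a, r in pairs]})

BROAD = _policy(("s3:*", "arn:aws:s3:::test"), ("s3:*", "arn:aws:s3:::test/*"))
MINIMAL = _policy((["s3:ListBucket"], ["arn:aws:s3:::test"]),
                  (REQUIRED["/*"], ["arn:aws:s3:::test/*"]))
MISPLACED = _policy((REQUIRED[""] + REQUIRED["/*"], "arn:aws:s3:::test"))

if __name__ == "__main__":
    for name in ("BROAD", "MINIMAL", "MISPLACED"):
        print(name, audit_policy(globals()[name], "test"))
```

A non-empty `missing` list for the third sample shows why object actions must be attached to the `/*` resource: placed on the bucket ARN alone they grant nothing on the objects, which leads to the S3_ACCESS_DENIED_BUCKET status described later in this article.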

Create an AWS access key

  1. Open the AWS Identity and Access Management (IAM) dashboard.
  2. Go to the Users tab and select Add user.


  3. Fill in the following information, then select Next.


  • Username: Enter a name of your choice.
  • Access type: Select Programmatic access.

  4. Select Attach existing policies directly and choose the policy you created earlier (if you skipped the previous section, select the S3 full access AWS managed policy). Select Next.

  5. Add tags you may find useful in identifying the user (optional), then select Next.

  6. Review and select Create user.
  7. Copy and save the Access key ID and the Secret access key, then select Close.


Connect the S3 bucket to SonicWall Cloud Edge

  1. Log in to your SonicWall Cloud Edge Management Platform, navigate to Settings/Integrations, and select Add in the Amazon S3 row.

  2. Fill in the fields with the values copied in the previous steps (the primary key will be used as your workspace key).

  3. Select Validate.

Handling possible error codes

Status message and the action required:

  • Success: None.
  • S3_INVALID_ACCESS_KEY_ID: Make sure you copied the access key ID correctly.
  • S3_INVALID_SECRET_ACCESS_KEY: Make sure you copied the secret access key correctly.
  • S3_INVALID_BUCKET: Make sure the Bucket name in SonicWall Cloud Edge matches the Bucket name in S3 (case sensitive).
  • S3_ACCESS_DENIED_BUCKET: The IAM user doesn't have the required access permissions to the bucket. Make sure to attach the appropriate policy.
