Enable Real-time Scanning of S3 Buckets

To enable real-time scanning of S3 buckets:

  1. Select the Enable Real-Time Scanning button on the Accounts page. See Account. In this step, you enable an S3 bucket to send events to the SQS queue (test_queue).

  2. Configure the datasource in Settings.

    1. Navigate to Settings > Datasource.

    2. On the Datasource page, configure the S3 datasource with the correct Access key and Secret key.

    3. Add an S3 application if it does not exist. For details, see Datasource. To edit the S3 application, click the pencil icon.

      The Edit Application dialog box is displayed.

    4. Click the Application Properties tab and verify that the Real-Time button is enabled.

    5. Click the clipboard icon to copy the Real-Time Event Name, which will be used to configure event notifications from S3 buckets in the AWS account.

  3. Apply an access policy to the SQS queue to allow the S3 bucket to send events. Refer to the AWS documentation for detailed information on configuring access policies.

    1. Navigate to SQS Queue and select the queue (test_queue).

    2. Provide the correct access policy to the SQS queue, so that S3 is allowed to put events into the SQS queue. Refer to the following example to apply the access policy:

      {
          "Version":"2008-10-17",
          "Id":"__default_policy_ID",
          "Statement":[
              {
                  "Sid":"__owner_statement",
                  "Effect":"Allow",
                  "Principal":{
                      "Service":"s3.amazonaws.com",
                      "AWS":"arn:aws:iam::111111111111:root"
                  },
                  "Action":"SQS:*",
                  "Resource":"arn:aws:sqs:us-east-1:111111111111:test_queue"
              }
          ]
      }
      
  4. Configure event notifications from S3 buckets to the SQS Queue. See the AWS documentation for detailed information.

    1. Go to the S3 bucket you want to link with the SQS queue.

    2. On the Properties tab, navigate to the Event Notifications section and choose Create event notification.

    3. In the event name, paste the Real-Time Event Name copied in step 2, sub-step 5 above. Then provide a bucket name, for example, test-bucket.

    4. Select the event type as required from Event types.

    5. Select Destination type as SQS Queue, and then choose the SQS queue (test_queue) from the dropdown list.

    6. Click Save Changes.

  5. Include and scan resources from the datasource.

    1. Navigate to Discovery > Data Source.

    2. On the Data Source page, click the S3 application that needs to be set up for real-time scanning. The selected S3 application details are displayed.

    3. Click the Include Resources tab and ensure that the check mark is displayed when real-time scanning is enabled.

    4. Click Add to add a resource.
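
The example access policy in step 3 grants SQS:* to the S3 service principal with no condition on which bucket may send events. The following Python check is an added example, not part of the original documentation: it flags those gaps and shows a constructed policy limited to sqs:SendMessage from test-bucket. It assumes the scanner's own IAM identity receives its queue permissions through IAM rather than through this queue policy; the names audit, PAGE_POLICY and SCOPED_POLICY are hypothetical.

```python
QUEUE_ARN = "arn:aws:sqs:us-east-1:111111111111:test_queue"  # sample values from the page
BUCKET_ARN = "arn:aws:s3:::test-bucket"

# The access policy shown in step 3, as a Python dict.
PAGE_POLICY = {"Version": "2008-10-17", "Id": "__default_policy_ID", "Statement": [{
    "Sid": "__owner_statement", "Effect": "Allow",
    "Principal": {"Service": "s3.amazonaws.com", "AWS": "arn:aws:iam::111111111111:root"},
    "Action": "SQS:*", "Resource": QUEUE_ARN,
}]}

# Constructed alternative: S3 may only send messages, only for one bucket in one account.
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "AllowS3BucketNotifications", "Effect": "Allow",
    "Principal": {"Service": "s3.amazonaws.com"},
    "Action": "sqs:SendMessage", "Resource": QUEUE_ARN,
    "Condition": {
        "ArnLike": {"aws:SourceArn": BUCKET_ARN},
        "StringEquals": {"aws:SourceAccount": "111111111111"},
    },
}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit(policy):
    """Return findings for Allow statements that trust the S3 service principal too broadly."""
    findings = []
    for st in _as_list(policy.get("Statement", [])):
        principal = st.get("Principal", {})
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if st.get("Effect") != "Allow" or "s3.amazonaws.com" not in services:
            continue
        sid = st.get("Sid", "<no Sid>")
        actions = [a.lower() for a in _as_list(st.get("Action", []))]
        if any(a != "sqs:sendmessage" for a in actions):
            findings.append(f"{sid}: S3 only needs sqs:SendMessage, policy grants {actions}")
        # Condition keys are case-insensitive; collect them across all operators.
        keys = {k.lower() for op in st.get("Condition", {}).values() for k in op}
        if "aws:sourcearn" not in keys:
            findings.append(f"{sid}: no aws:SourceArn condition limiting the source bucket")
        if "aws:sourceaccount" not in keys:
            findings.append(f"{sid}: no aws:SourceAccount condition limiting the bucket owner")
    return findings

if __name__ == "__main__":
    for name, pol in (("page policy", PAGE_POLICY), ("scoped policy", SCOPED_POLICY)):
        print(name, audit(pol) or "no findings")
```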


Last update: August 18, 2021