How to Get or Renew the Access Key for AWS S3? See Getting or Renewing the Access Key for AWS S3.
How to Specify the AWS S3 Target? See Specifying the AWS S3 Target.
How to Add AWS S3 Data Store to CM? See Adding the AWS S3 Data Store to CM.
How to Add AWS S3 Scan Parameters? See Tunable Scan Parameters.
This document explains how to obtain or renew AWS S3 data store credentials, how to use those credentials to add the data store to the CM, and how to specify the target in CM for scanning the AWS S3 data store.
Getting or Renewing the Access Key for AWS S3
1 Log in to the AWS Management Console using your existing credentials.
2 In the top-right corner, click your profile name and then click Security Credentials.
3 Under the Access keys section, you should see your existing access key listed. You can have a maximum of two access keys at a time.
4 If two keys already exist, the Create access key button is disabled. Remove a key before creating a new one.
- To deactivate an access key: In the Access keys section, find the key to deactivate, click Actions, and then choose Deactivate. (Note: A deactivated access key still counts toward your limit of two access keys.)
- To delete an access key: In the Access keys section, find the key you want to delete, click Actions, and then choose Delete. Enter the access key in the dialog box to confirm the deletion, and then click Delete.
5 The access key has been removed. The Create access key button is now enabled.
6 To create a new access key, click Create access key.
7 On the Access key best practices & alternatives page, choose Others and then choose Next. (You can choose the option that best fits your use case, but for a long-term access key, choose Others.)
8 On Set description tag, you can add a description for the access key (Optional).
9 A dialog box appears displaying the newly created access key and secret access key. Click the Download .csv file button to download a file containing your access key ID and secret access key. Store this file securely: if it is lost, the secret access key cannot be retrieved again.
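The renewal steps above can be planned from a key listing before touching the console. The following is an added example, not part of the original document or the product: it reads JSON shaped like `aws iam list-access-keys` output and returns the order of actions. The sample listing, the user name `scan-user`, the step names, and the choice of which key to delete are assumptions made for illustration.

```python
import json
from datetime import datetime

MAX_KEYS = 2  # limit stated above: at most two access keys at a time

# Constructed sample, shaped like `aws iam list-access-keys` JSON output.
SAMPLE_LISTING = """
{"AccessKeyMetadata": [
  {"UserName": "scan-user", "AccessKeyId": "AKIAEXAMPLEOLDKEY0001",
   "Status": "Inactive", "CreateDate": "2022-01-10T09:00:00+00:00"},
  {"UserName": "scan-user", "AccessKeyId": "AKIAEXAMPLECURKEY0002",
   "Status": "Active", "CreateDate": "2023-03-05T14:30:00+00:00"}
]}
"""


def plan_renewal(listing_json):
    """Return ordered (action, key_id) steps for renewing the access key."""
    keys = json.loads(listing_json)["AccessKeyMetadata"]
    keys.sort(key=lambda k: datetime.fromisoformat(k["CreateDate"]))
    steps = []
    if len(keys) >= MAX_KEYS:
        # A deactivated key still counts toward the limit, so only a
        # delete frees a slot. Assumption: prefer the oldest Inactive key,
        # otherwise fall back to the oldest key overall.
        inactive = [k for k in keys if k["Status"] == "Inactive"]
        victim = (inactive or keys)[0]
        steps.append(("delete", victim["AccessKeyId"]))
        keys.remove(victim)
    steps.append(("create", None))     # Create access key, download the .csv
    steps.append(("update-cm", None))  # enter the new key pair in CM
    # Assumption: retire remaining old keys only after CM uses the new one.
    for k in keys:
        if k["Status"] == "Active":
            steps.append(("deactivate", k["AccessKeyId"]))
    return steps


if __name__ == "__main__":
    for action, key_id in plan_renewal(SAMPLE_LISTING):
        print(action, key_id or "")
```

If both existing keys are Active, the plan deletes the older one first, so confirm that CM is not using that key before following it.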
Specifying the AWS S3 Target
Amazon S3 has a global namespace (i.e. no two S3 buckets can have the same name).
|Specific folder in Bucket
|Specific file in Bucket
|Full Data Store
- For scanning all Buckets: leave the dialog box empty.
- For scanning a whole Bucket:
- For scanning a specific folder in a Bucket:
- For scanning a specific file in a Bucket:
Adding the AWS S3 Data Store to CM
1 Go to the Data Store page and then click Add Data Store.
2 Under Select Data Store Category, select Cloud, and then select AWS S3 from Select Cloud Type.
3 In the Configure Connection screen, enter the Access Key ID and the Secret Access Key.
4 Select the Show Secret Access Key checkbox if you want to view the secret access key.
5 In the Select Number of Agents menu, set the minimum and maximum number of agents for the data store.
6 In the Add Label field, add an agent label by entering a label, or remove an existing label (Optional).
7 Enter Data Store Name, Description (Optional), Branch Location, Sensitivity Level (Optional).
8 In the Add Tags and Access Control section, you can change the access and add tags (Optional).
9 Click Save. The data store should now be added to the CM.
Tunable Scan Parameters
To add scan parameters, go to Scans → Add Scan. Under Advanced Configurations, you can view and set the parameters for tunable scans.
Scan Priority: Sets the scan priority. The default setting is Low Priority. It applies only to local storage.
Content Supported: Select the content types that the scan will process:
OCR - Scans images for sensitive data using Optical Character Recognition (OCR).
Voice - Enables voice recognition when scanning WAV and MP3 files. By default, it is disabled.
EBCDIC - Scan file systems that use IBM's EBCDIC (extended binary-coded decimal interchange code) encoding.
Trace Logs: Captures detailed scan trace messages when scanning a target.
Memory Usage Limit (MB): Set the maximum amount of memory the agent can use on the data store.
Throughput (MBps): Set the maximum data throughput the application can use when searching each data store.
Amount of Data Object Volume: Select the data object volume, prioritizing either the quantity of data objects or the match information per data object.
Below is the difference in reports of a normal scan and a tunable scan done on the same bucket in AWS S3.
In the tunable scan, OCR and voice content support were enabled and the priority was set to normal, which accounts for the increase in the number of sensitive data objects found.