AWS S3 Bucket Access
This document describes how to set up an AWS user and S3 bucket for secure DAS S3 access. Styra DAS supports S3 and S3-compatible bucket systems. S3 buckets can be used in S3 data sources, the bundle registry, and the decision log and activity log exporters.
The S3 buckets are configured from the following data elements:
- Bucket URL. For example:
- Custom endpoint or S3 compatible system endpoint. For example:
- Region. For example:
- Access key ID
- Secret access key
The Styra DAS UI hides the URL
curl --request POST \
--url "$DAS_TENANT/v1/workspace/s3/verify-config" \
--header "authorization: Bearer $DAS_WORKSPACE_TOKEN" \
--header 'content-type: application/json' \
Secure AWS S3 bucket access
Use AWS IAM Management Console
Perform the following steps to create a new user, set up permissions, and collect the access keys.
styra-storage are used as illustrations and can be changed to follow any enterprise naming conventions.
Create a new AWS user
styra and select Access key - Programmatic access.
StyraAccess permissions policy and select Create policy to start the new permissions policy editor.
Set up permissions policy for secure access
Add a policy for each S3 bucket or S3 bucket folder to grant DAS access to. To constrain access to a specific folder, change the resource to arn:aws:s3:::styra-storage/foldername/*.
Sample Permissions Policy
StyraAccess permissions to the user.
Save the created user's security credentials.
Save the user's Access key ID and Secret access key for later use when configuring DAS S3 components.
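The following is an added example, not part of the Styra documentation: a Python sketch that builds a permissions policy limited to the styra-storage bucket or to one folder in it, and checks a policy for grants that exceed that scope. The action list and all function names are assumptions for illustration; substitute the actions your DAS components actually need.

```python
import json

# Assumption: illustrative object actions, not Styra's documented list.
OBJECT_ACTIONS = ["s3:GetObject", "s3:PutObject"]

def _scope(bucket, folder):
    """Return (bucket ARN, key prefix) for a bucket or one folder inside it."""
    return f"arn:aws:s3:::{bucket}", (f"{folder.strip('/')}/" if folder else "")

def build_policy(bucket, folder=None):
    """Build an IAM policy limited to one bucket, or to one folder in it."""
    arn, prefix = _scope(bucket, folder)
    listing = {"Sid": "List", "Effect": "Allow",
               "Action": ["s3:ListBucket"], "Resource": [arn]}
    if prefix:
        # ListBucket targets the bucket ARN, so folder scoping needs a condition.
        listing["Condition"] = {"StringLike": {"s3:prefix": [prefix + "*"]}}
    objects = {"Sid": "Objects", "Effect": "Allow",
               "Action": OBJECT_ACTIONS, "Resource": [f"{arn}/{prefix}*"]}
    return {"Version": "2012-10-17", "Statement": [listing, objects]}

def as_list(value):
    """IAM allows a single value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]

def scope_violations(policy, bucket, folder=None):
    """Return findings for Allow statements that exceed the intended scope."""
    arn, prefix = _scope(bucket, folder)
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "?")
        for action in as_list(stmt["Action"]):
            if "*" in action:
                findings.append(f"{sid}: wildcard action {action}")
        for res in as_list(stmt["Resource"]):
            if res == arn:
                if prefix and "Condition" not in stmt:
                    findings.append(f"{sid}: bucket-level access lacks s3:prefix condition")
            elif not res.startswith(f"{arn}/{prefix}"):
                findings.append(f"{sid}: resource outside scope {res}")
    return findings

if __name__ == "__main__":
    policy = build_policy("styra-storage", "foldername")
    print(json.dumps(policy, indent=2))
    print(scope_violations(policy, "styra-storage", "foldername"))  # []
```

Run the checker against any policy already attached to the user before saving the access keys; an empty list means every Allow statement stays inside the intended bucket or folder.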
Use AWS Amazon S3 manager
Perform the following S3 storage actions:
Create an S3 bucket.
Create a bucket retention policy.
The Styra DAS decision and activity exporters may write a large number of files to the S3 bucket, depending on decision and user activity log volume. These files do not have a defined retention period by default. Add a bucket retention policy to archive, move, or delete files according to your organization's data retention policies.