Saving a Report to an S3 Bucket

Introduction

Scheduled reports can be sent by email or saved into an AWS S3 bucket for the purpose of

integrating with 3rd party tools or for archiving reasons,

Cloudyn uses the AWS account authentication principle (User or Role as provided by the user)

to try and save the reports to the desired bucket, in order to do so we try to save a simple text

file to the bucket (file name: “check-bucket- permission.txt”).

This means that you will need to provide the Role or User used by Cloudyn the PutObject

permission to the desired bucket.

You may use an existing bucket or create a new one for the purpose of saving Cloudyn reports,

please keep in mind that it is up to you to manage the storage class, setting lifecycle rules or

removing any unnecessary files, using S3 will occur additional costs

 

Assigning appropriate permissions to your AWS User or Role

  1. Create New Policy.

    First you will have to create a policy with the exact permissions needed to save a report to a S3
    bucket.

1. Login to your AWS console and select “Services” at the top of the screen.

2. Then select IAM from the list of services.

3. Select “Policies” from the left side of the console and then “Create Policy”.

4. Select “Create Your Own Policy”, give it a name (for example “CloudynSaveReport2S3”)

5. Copy and paste the policy attached for creating one policy that allows saving a report to a S3 bucket, please make sure to replace <bucketname> with your bucket name.

 

2. Attaching the Policy to Cloudyn Role or User in Your Account

To attach the new policy, you will need to enter your AWS console and

Edit the Role or User that is used by Cloudyn.

  1. Login to your AWS console and select “Services” at the top of the screen
  2. Select IAM from the list of services
  3. Select either role or users from the left side of the console

a. For Role:

i. Click on the Cloudyn Role

ii. Under the permission tab click on “Attach Policy”

iii. Search for the policy you have created above and mark the

checkbox, then click “Attach Policy”

b. For User:

i. Click on the Cloudyn User

ii. Under the permission tab click on Add Permission

iii. Under the “Grant Permission” section, select “Attach existing

policies directly”

iv. Search for the policy you have created above and mark the

checkbox, then click “Next: Review”

v. Click “Add Permission”


For Role, the result should look like this:

For User, result should look like this:

3. Optional – Bucket Policy Approach

Alternatively, you can set the permission to create reports on your S3 bucket using a bucket policy,

In the classic S3 UI:

  1. Create or select an existing bucket
  2. Select properties and expend the Permission tab
  3. Click Add bucket policy
  4. Copy and paste the policy attached (optional_bucket_policy.txt) and replace <bucket_name> and <Cloudyn_principle> with the ARN of your bucket and the ARN of either the Role or User used by Cloudyn