Managing Storage with AWS S3

Indent storage integrates with Amazon's Simple Storage Service (AWS S3). Indent creates an audit log and reports that show which users request access to which Resource. You can view logs directly in the Dashboard and you can export them to an AWS S3 bucket your team controls.

Setup

1. Sign in to your Indent space
2. If you haven't already, use our Quickstart to configure your space and onboard your team

Step 1: Create an S3 Bucket

1. Navigate to your AWS account
2. Open S3 and create a new bucket.
3. Select an AWS Region you want to store your logs in.
4. Configure the bucket based on your organization's policies

Step 2: Create an AWS Account to use with Indent

1. Navigate to your AWS account
2. Open Identity and Access Management and create a new user.
3. When prompted for an "AWS Access Type," select "Programmatic Access"
4. Assign your user permissions to access your S3 Bucket. What permissions does the user need?

Step 3: Add your AWS credential to Indent

1. Navigate to Integrations → Credentials in your Indent Space to create a new credential
2. Click New+, then in the dropdown select AWS as the credential type.
3. Paste in the AWS Access Key ID and AWS Secret Access Key in the Materials section of the form.
4. Click Create+ and your new credential is added to your Space.

Step 4: Connect the bucket to Indent's Access Manager Logs

1. Log in to your Indent space and navigate to Providers → Inputs
2. You should see an input named "Access Manager Logs," click on the Input to open it.
3. Select the "Configuration" section and click on the dropdown labelled "Sync Config."
4. Enter the S3 URL for the bucket you created to use with Indent.
5. Under "Credentials," select your aws credential, then click "Save."

Congrats! You've just configured exporting logs to an AWS S3 Bucket with Indent.

---

AWS S3 User Permissions

Your new user needs permission to access your bucket and make changes to bucket objects.

View the sample AWS Access Policy configuration

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:ListBucket"],
      "Resource": ["arn:aws:s3:::indent-log-bucket"]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:ReplicateObject",
        "s3:PutObject*",
        "s3:GetObject*",
        "s3:RestoreObject*"
      ],
      "Resource": "arn:aws:s3:::indent-log-bucket/*"
    }
  ]
}

Optional: Create a new Input for S3 Logs

You can add additional inputs to send Indent logs to AWS S3 buckets from your existing Space.

1. Log in to your Indent space and navigate to Providers → Inputs
2. Click New+ and enter a memorable name for your new Input, then click "Create Input."
3. Select the "Configuration" section in your new Input and click on the dropdown labelled "Sync Config."
4. Enter the S3 URL for the bucket you created to use with Indent.
5. Under "Credentials," select your aws credential, then click "Save."