AWS S3 Archive Outputs and Integrations

George Alpizar

Overview

This output type sends logs to an AWS S3 endpoint.

Note

In the Edge Delta App, when you create an integration or an individual output, similar parameters are displayed. As a result, this document applies to both outputs and integrations.


Create an IAM User and Attach a Custom Policy 

Before you configure your Edge Delta account to send logs to an AWS S3 endpoint, you must first access the AWS console to:

  1. Create an IAM user to access the AWS S3 bucket
  2. Attach the custom policy below to the newly created IAM user

Note

The custom policy lists 3 permissions: 

  • PutObject
  • GetObject
  • ListBucket 

If you want to create an S3 archive for rehydration purposes only, then at a minimum, your custom policy must include the GetObject permission.

All other permissions are only required for archiving purposes. 

As a result, if you prefer, you can create two different S3 archive integrations with different custom policies. 

To learn more, see Rehydrations.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::bucket-name",
                "arn:aws:s3:::bucket-name/*"
            ]
        }
    ]
}
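
If an integration will be used for rehydration only, the full policy above is not required. The following sketch keeps only the GetObject permission, per the note above; this is an illustrative minimum, so verify it against your own bucket name and rehydration setup before use:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "RehydrationOnly",
            "Effect": "Allow",
            "Action": [
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::bucket-name/*"
            ]
        }
    ]
}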

Review Parameters

Review the following parameters that you can configure in the Edge Delta App:

Each parameter below is listed by its Visual Editor label, followed by its YAML name in parentheses.
Name (YAML: name)

Enter a descriptive name for the output or integration.

For outputs, this name will be used to map this destination to a workflow.

This parameter is required. 

Review the following example: 

name: s3
Integration (YAML: integration_name)

This parameter only appears when you create an individual output.

This parameter refers to the organization-level integration created in the Integrations page. If you enter this name, then the rest of the fields will be automatically populated.

If you need to add multiple instances of the same integration into the config, then you can add a custom name to each instance via the name field. In this situation, the name should be used to refer to the specific instance of the destination in the workflows.

This parameter is optional. 

Review the following example: 

integration_name: orgs-aws-s3
Not applicable (YAML: type)

Enter s3.

This parameter is required. 

Review the following example: 

type: s3
Bucket (YAML: bucket or s3_bucket)

Enter the target S3 bucket where archived logs will be sent.

This parameter is required. 

Review the following example: 

bucket: "testbucket"
Region (YAML: region or s3_region)

Enter the specified S3 bucket's region.

This parameter is required. 

Review the following example: 

region: "us-east-2"
AWS Key (YAML: aws_key_id)

Enter the AWS key ID that has the PutObject permission for the target bucket. If you use role-based AWS authentication, where keys are not provided, then leave this field empty; however, you must still attach the custom policy listed above.

This parameter is optional. 

Review the following example: 

aws_key_id: '{{ Env "TEST_AWS_KEY_ID" }}'
AWS Secret Key (YAML: aws_sec_key)

Enter the AWS secret key that has the PutObject permission for the target bucket. If you use role-based AWS authentication, where keys are not provided, then leave this field empty; however, you must still attach the custom policy listed above.

This parameter is optional. 

Review the following example: 

aws_sec_key: "awssecret123"
Role ARN (YAML: role_arn)

Enter the ARN of the IAM role that the agent should assume.

To learn more, review this document from AWS.

This parameter is optional. 

Review the following example: 

role_arn: "arn:aws:iam::1234567890:role/ed-s3-archiver-role"
External ID (YAML: external_id)

Enter the external ID associated with the desired IAM role. 

To learn more, review this document from AWS.

This parameter is optional. 

Review the following example:

external_id: "053cf606-8e80-47bf-b849-8cd1cc826cfc"
Compression (YAML: compress)

Enter a compression type for archiving purposes. 

You can enter gzip, zstd, snappy, or uncompressed.

This parameter is optional. 

Review the following example: 

compress: gzip
Encoding (YAML: encoding)

Enter an encoding type for archiving purposes. 

You can enter json or parquet.

This parameter is optional. 

Review the following example: 

encoding: parquet 
Use Native Compression (YAML: use_native_compression)

Enter true or false to compress parquet-encoded data.

This option will not compress metadata. 

This option can be useful with big data cloud applications, such as AWS Athena and Google BigQuery.

Note

To use this parameter, you must set the encoding parameter to parquet.

This parameter is optional.

Review the following example: 

use_native_compression: true
Buffer TTL (YAML: buffer_ttl)

Enter a length of time to retry failed streaming data.

After this length of time is reached, the failed streaming data will no longer be retried.

This parameter is optional. 

Review the following example: 

buffer_ttl: 2h

Buffer Path (YAML: buffer_path)

Enter a folder path to temporarily store failed streaming data.

The failed streaming data will be retried until the data reaches its destinations or until the Buffer TTL value is reached.

If you enter a path that does not exist, then the agent will create directories, as needed.

This parameter is optional.

Review the following example:

buffer_path: /var/log/edgedelta/pushbuffer/
Buffer Max Size (YAML: buffer_max_bytesize)

Enter the maximum size of failed streaming data that you want to retry.

If the failed streaming data is larger than this size, then the failed streaming data will not be retried.

This parameter is optional.

Review the following example:

buffer_max_bytesize: 100MB
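
If you use the Role ARN and External ID parameters, the target IAM role must also trust the identity that the agent authenticates as before it can call AssumeRole. The following trust policy is a minimal sketch that reuses the example values above; the principal ARN (ed-agent-user) is a placeholder, so substitute the user or role your agent actually runs as:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::1234567890:user/ed-agent-user"
            },
            "Action": "sts:AssumeRole",
            "Condition": {
                "StringEquals": {
                    "sts:ExternalId": "053cf606-8e80-47bf-b849-8cd1cc826cfc"
                }
            }
        }
    ]
}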

Review Sample Configuration

The following sample configuration displays an output without the name of the organization-level integration:

  archives:
    - name: my-s3
      type: s3
      aws_key_id: '{{ Env "AWS_KEY_ID" }}'
      aws_sec_key: '{{ Env "AWS_SECRET_KEY" }}'
      bucket: testbucket
      region: us-east-2
    - name: my-s3-assumes-role
      type: s3
      role_arn: "arn:aws:iam::1234567890:role/ed-s3-archiver-role"
      external_id: "053cf606-8e80-47bf-b849-8cd1cc826cfc"
      bucket: testbucket
      region: us-east-2
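
The optional parameters from the table above can be combined in the same destination. The following sketch extends the first example with parquet encoding, native compression, and a retry buffer; the bucket name, buffer path, and size limits are illustrative, so adjust them to your environment:

  archives:
    - name: my-s3-parquet
      type: s3
      aws_key_id: '{{ Env "AWS_KEY_ID" }}'
      aws_sec_key: '{{ Env "AWS_SECRET_KEY" }}'
      bucket: testbucket
      region: us-east-2
      encoding: parquet
      use_native_compression: true
      buffer_ttl: 2h
      buffer_path: /var/log/edgedelta/pushbuffer/
      buffer_max_bytesize: 100MB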

 
