Guides
Start typing to search…

S3 Destination

To enable data exports to your AWS S3 account, you'll need to create a new destination S3 bucket where the exported data will be stored. Additionally, you must grant the Cortex Integration Manager User permission to write data to this bucket.

We recommend using role-based authentication as the preferred method for granting access. With role-based authentication, you can attach a policy directly to the bucket, allowing Cortex to securely write data without the need to manage static credentials.

Role-Based Authentication

  1. To use role-based authentication, you'll first need to create a new S3 bucket.

The preferred approach is to name the bucket with the prefix cortex-external-, and then apply a Bucket policy.

See AWS S3 ARN Syntax here.

  1. Create a new policy using the template below. Replacing the word bucket with the name of the S3 bucket created in step 1.
  2. Assign the new policy to the bucket.

AWS S3 Bucket Policy Template

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "s3:PutObject",
                "s3:PutObjectAcl"
            ],
            "Effect": "Allow",
            "Resource": "arn:aws:s3:::{bucket}/*",
            "Principal": {
                "AWS": [
                    "arn:aws:iam::949731172823:user/integration-manager-prod-user"
                ]
            }
        }
    ]
}

Updated about 1 month ago