AWS - S3
Use the AWS S3 integration to manage your AWS object storage.
This integration was integrated and tested with API Version 2012-11-05.
Prerequisites
Before configuring this integration, familiarize yourself with and complete all steps detailed in AWS Integrations - Authentication.
Configure the AWS S3 Integration in Demisto
- Navigate to Settings > Integrations > Servers & Services.
- Search for AWS - S3.
- Click Add instance to create and configure a new integration.
- Name: a textual name for the integration instance.
- AWS Default Region
- Role Arn
- Role Session Name
- Fetch incidents
- Role Session Duration
- Access Key
- Secret Key
- Use System Proxy
- Trust any certificate (not secure)
Commands
You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
- Create a bucket: aws-s3-create-bucket
- Delete a bucket: aws-s3-delete-bucket
- List all buckets in the AWS account: aws-s3-list-buckets
- Get the policy of a bucket: aws-s3-get-bucket-policy
- Delete a policy from a bucket: aws-s3-delete-bucket-policy
- Download a file from a bucket to the War Room: aws-s3-download-file
- List bucket objects: aws-s3-list-bucket-objects
- Assign a policy to a bucket: aws-s3-put-bucket-policy
- Upload a file: aws-s3-upload-file
1. Create a bucket
Creates an AWS S3 bucket.
Command Example
!aws-s3-create-bucket bucket=test acl=private
AWS IAM Policy Permission
Effect:
Allow
Action:
s3:CreateBucket
Input
Parameter | Description |
---|---|
bucket | Name of the S3 bucket to create (in lowercase) |
acl | ACL for the S3 bucket |
locationConstraint | Specifies the region where the bucket is created. If you do not specify a region, the bucket is created in US Standard (us-east-1). |
grantFullControl | Allows the grantee the read, write, read ACP, and write ACP permissions on the bucket |
grantRead | Allows the grantee to list the objects in the bucket |
grantReadACP | Allows the grantee to read the bucket ACL |
grantWrite | Allows the grantee to create, overwrite, and delete any object in the bucket |
grantWriteACP | Allows the grantee to write the ACL for the applicable bucket |
region | AWS region (if not specified, the default region is used) |
roleArn | Amazon Resource Name (ARN) of the role to assume |
roleSessionName | An identifier for the assumed role session |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds to the maximum session duration setting for the role. |
Context Output
Path | Description |
---|---|
AWS.S3.Bucket.BucketName | Name of the bucket that was created |
AWS.S3.Bucket.Location | AWS Region in which the bucket was created |
Raw Output
[ { "BucketName":"test", "Location":"test" } ]
2. Delete a bucket
Deletes an AWS S3 bucket. You need to delete all objects in the bucket, including all object versions and delete markers, before you delete the bucket itself.
Command Example
!aws-s3-delete-bucket bucket=test
AWS IAM Policy Permission
Effect:
Allow
Action:
s3:DeleteBucket
Input
Parameter | Description |
---|---|
bucket | Name of the S3 bucket to delete |
region | AWS region (if not specified, the default region is used) |
roleArn | Amazon Resource Name (ARN) of the role to assume |
roleSessionName | An identifier for the assumed role session |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds to the maximum session duration setting for the role. |
Context Output
There is no context output for this command.
Raw Output
The bucket was deleted.
3. List all buckets in the AWS account
Lists all S3 buckets in the specified AWS account.
Command Example
!aws-s3-list-buckets
AWS IAM Policy Permission
Effect:
Allow
Action:
s3:ListAllMyBuckets
Input
Parameter | Description |
---|---|
region | AWS region (if not specified, the default region is used) |
roleArn | Amazon Resource Name (ARN) of the role to assume |
roleSessionName | An identifier for the assumed role session |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds to the maximum session duration setting for the role. |
Context Output
Path | Description |
---|---|
AWS.S3.Bucket.BucketName | Name of the bucket |
AWS.S3.Buckets.CreationDate | Date the bucket was created |
Raw Output
[ { "BucketName":"backup-lab", "CreationDate":"2018-04-29T13:31:57" }, { "BucketName":"cf-templates-1f85sad9zb6mmyna-ap-southeast-1", "CreationDate":"2018-05-06T06:34:30" }, { "BucketName":"cf-templates-1f859asfzb6mmyna-ap-southeast-2", "CreationDate":"2018-04-23T13:59:45" } ]
4. Get the policy of a bucket
Get the policy associated with an AWS S3 bucket.
Command Example
!aws-s3-get-bucket-policy bucket=test
AWS IAM Policy Permission
Effect:
Allow
Action:
s3:GetBucketPolicy
Input
Parameter | Description |
---|---|
bucket | Name of the bucket |
region | AWS region (if not specified, the default region is used) |
roleArn | Amazon Resource Name (ARN) of the role to assume |
roleSessionName | An identifier for the assumed role session |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds to the maximum session duration setting for the role. |
Context Output
Path | Description |
---|---|
AWS.S3.Bucket.Policy.Version | S3 bucket policy version |
AWS.S3.Bucket.Policy.PolicyID | S3 bucket policy ID |
AWS.S3.Bucket.Policy.Sid | S3 bucket policy statement ID |
AWS.S3.Bucket.Policy.Action | S3 bucket policy statement action |
AWS.S3.Bucket.Policy.Principal | S3 bucket policy statement principal |
AWS.S3.Bucket.Policy.Resource | S3 bucket policy statement resource |
AWS.S3.Bucket.Policy.Effect | S3 bucket policy statement effect |
AWS.S3.Bucket.Policy.Json | AWS S3 policy JSON output |
AWS.S3.Bucket.Policy.BucketName | S3 bucket name |
Raw Output
[ { "Action":"s3:*", "BucketName":null, "Effect":"Allow", "PolicyId":"Policy1519234481415511", "PolicyVersion":"2012-10-17", "Principal":{ "AWS":"arn:aws:iam::123456789:user/itai" }, "Resource":"arn:aws:s3:::test", "Sid":"Stmt1519481385324929" }, { "Action":"s3:*", "BucketName":null, "Effect":"Allow", "PolicyId":"Policy15194324581415511", "PolicyVersion":"2012-10-17", "Principal":{ "AWS":"arn:aws:iam::123456789:user/bob" }, "Resource":"arn:aws:s3:::test", "Sid":"Stmt1519481434214395" } ]
5. Delete a policy from a bucket
Deletes a policy from an Amazon S3 bucket.
Command Example
!aws-s3-delete-bucket-policy bucket=test
AWS IAM Policy Permission
Effect:
Allow
Action:
s3:DeleteBucketPolicy
Input
Parameter | Description |
---|---|
bucket | Name of the S3 bucket |
region | AWS region (if not specified, the default region is used) |
roleArn | Amazon Resource Name (ARN) of the role to assume |
roleSessionName | An identifier for the assumed role session |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds to the maximum session duration setting for the role. |
Context Output
There is no context output for this command.
Raw Output
Policy deleted from test.
6. Download a file from a bucket to the War Room
Downloads a file from an Amazon S3 bucket to the Demisto War Room.
Command Example
!aws-s3-download-file bucket=test key=test.txt
AWS IAM Policy Permission
Effect:
Allow
Action:
s3:GetObject
Input
Parameter | Description |
---|---|
bucket | Name of the S3 bucket |
key | Key (object name) of the file to download |
region | AWS region (if not specified, the default region is used) |
roleArn | Amazon Resource Name (ARN) of the role to assume |
roleSessionName | An identifier for the assumed role session |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds to the maximum session duration setting for the role. |
Context Output
There is no context output for this command.
Raw Output
There is no raw output for this command.
7. List bucket objects
Lists all objects in the specified S3 bucket.
Command Example
!aws-s3-list-bucket-objects bucket=test
AWS IAM Policy Permission
Effect:
Allow
Action:
s3:ListBucket
Input
Parameter | Description |
---|---|
bucket | Name of the S3 bucket |
region | AWS region (if not specified, the default region is used) |
roleArn | Amazon Resource Name (ARN) of the role to assume |
roleSessionName | An identifier for the assumed role session |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds to the maximum session duration setting for the role. |
Context Output
Path | Description |
---|---|
AWS.S3.BucketObjects.Key | Name of the S3 object |
AWS.S3.BucketObjects.Size | Object size |
AWS.S3.BucketObjects.LastModified | Date the object was last modified |
Raw Output
[ { "BucketName":"test", "Key":"demi2018-04-05-14-29-49-76DA472F25CB951F", "LastModified":"2018-04-05T14:29:51", "Size":"323.0 B" }, { "BucketName":"test", "Key":"demi2018-04-05-15-23-20-32C6A7DEA888F497", "LastModified":"2018-04-05T15:23:21", "Size":"367.0 B" }, { "BucketName":"test", "Key":"demi2018-04-05-15-37-12-8735352AFBA6932E", "LastModified":"2018-04-05T15:37:14", "Size":"326.0 B" }, { "BucketName":"test", "Key":"demi2018-04-05-16-25-46-C891B9F069DE83C6", "LastModified":"2018-04-05T16:25:47", "Size":"326.0 B" }, { "BucketName":"test", "Key":"demi2018-04-05-16-36-44-69C802DCC5563A44", "LastModified":"2018-04-05T16:36:45", "Size":"368.0 B" } ]
8. Assign a policy to a bucket
Assigns a policy to an Amazon S3 bucket. The policy replaces any policy already attached to the bucket, so review it before applying: a statement with Principal "*" makes the bucket public, and a Deny that covers s3:PutBucketPolicy for the calling identity removes your own ability to change the policy afterwards (hence confirmRemoveSelfBucketAccess).
Command Example
!aws-s3-put-bucket-policy bucket=test policy={"Version":"2012-10-17","Id":"Policy1519481415511","Statement":[{"Sid":"Stmt1519ds34548138sf5929","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::123456789:user/itai"},"Action":"s3:*","Resource":"arn:aws:s3:::test"},{"Sid":"Stmt1345519481414395","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::123456789:user/bob"},"Action":"s3:*","Resource":"arn:aws:s3:::test"}]}
AWS IAM Policy Permission
Effect:
Allow
Action:
s3:PutBucketPolicy
Input
Parameter | Description |
---|---|
bucket | Name of the S3 bucket |
policy | Bucket policy to apply (in JSON format) |
confirmRemoveSelfBucketAccess | Set this parameter to true to confirm that you want to remove your permissions to change this bucket policy in the future |
region | AWS region (if not specified, the default region is used) |
roleArn | Amazon Resource Name (ARN) of the role to assume |
roleSessionName | An identifier for the assumed role session |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds to the maximum session duration setting for the role. |
Context Output
There is no context output for this command.
Raw Output
Successfully applied bucket policy to test bucket.
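As a worked example (added here; it is not part of the AWS - S3 integration or its code), the following Python could run in an automation as a pre-flight check on the JSON passed to aws-s3-put-bucket-policy. It flattens the document into one record per statement, the same shape the aws-s3-get-bucket-policy raw output shows above, and flags statements that make the bucket public (Principal "*" with no Condition), grant a wildcard action, or would lock the caller out of the policy (the case confirmRemoveSelfBucketAccess exists for). The policy documents and the function names are constructed for this example.

```python
"""Pre-flight lint for an S3 bucket policy before applying it.

Added example, not the integration's own code. Sample policies are
constructed; account IDs and bucket names are placeholders.
"""
import json
from typing import Any, Dict, List

# Constructed sample: the page's example policy plus a public-read statement.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Id": "Policy1519481415511",
    "Statement": [
        {"Sid": "Stmt1", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:user/itai"},
         "Action": "s3:*", "Resource": "arn:aws:s3:::test"},
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::test/*"},
    ],
})

# Constructed sample: a Deny that also removes the caller's own ability to
# change the policy (only the account root user can undo this).
LOCKOUT_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "DenyPolicyChanges", "Effect": "Deny", "Principal": "*",
         "Action": "s3:PutBucketPolicy", "Resource": "arn:aws:s3:::test"},
    ],
})


def _as_list(value: Any) -> List[Any]:
    """IAM allows scalars or lists for Action/Principal; normalize to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def flatten_policy(policy_json: str, bucket: str) -> List[Dict[str, Any]]:
    """One record per statement, mirroring the get-bucket-policy raw output."""
    policy = json.loads(policy_json)
    records = []
    for stmt in _as_list(policy.get("Statement")):
        records.append({
            "BucketName": bucket,
            "PolicyId": policy.get("Id"),
            "PolicyVersion": policy.get("Version"),
            "Sid": stmt.get("Sid"),
            "Effect": stmt.get("Effect"),
            "Principal": stmt.get("Principal"),
            "Action": stmt.get("Action"),
            "Resource": stmt.get("Resource"),
            "Condition": stmt.get("Condition"),
        })
    return records


def _is_public(principal: Any) -> bool:
    """True for Principal "*" or {"AWS": "*"}, the two anonymous forms."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def lint_policy(policy_json: str, bucket: str) -> List[str]:
    """Return human-readable findings; an empty list means nothing risky."""
    findings = []
    for rec in flatten_policy(policy_json, bucket):
        sid = rec["Sid"] or "<no Sid>"
        actions = _as_list(rec["Action"])
        public = _is_public(rec["Principal"])
        if rec["Effect"] == "Allow":
            if public and not rec["Condition"]:
                findings.append(f"{sid}: allows {actions} to Principal '*' with no Condition (public bucket)")
            if any(a in ("*", "s3:*") for a in actions):
                findings.append(f"{sid}: wildcard action {actions}; scope to the operations actually needed")
        elif rec["Effect"] == "Deny":
            if public and any(a in ("*", "s3:*", "s3:PutBucketPolicy") for a in actions):
                findings.append(f"{sid}: denies s3:PutBucketPolicy to everyone, including you; "
                                "requires confirmRemoveSelfBucketAccess=true and root to undo")
    return findings


if __name__ == "__main__":
    for name, doc in (("SAMPLE_POLICY", SAMPLE_POLICY), ("LOCKOUT_POLICY", LOCKOUT_POLICY)):
        print(name)
        for finding in lint_policy(doc, "test") or ["no findings"]:
            print("  -", finding)
```

In a playbook you would run lint_policy on the policy argument first and only proceed to aws-s3-put-bucket-policy when it returns no findings (or after an analyst acknowledges them); flatten_policy is also a convenient way to compare the intended policy with what aws-s3-get-bucket-policy returns afterwards.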
9. Upload a file
Upload a file to an AWS S3 bucket.
Base Command
aws-s3-upload-file
Input
Argument Name | Description | Required |
---|---|---|
entryID | Entry ID of the file to upload | Required |
bucket | The name of the bucket to upload to | Required |
key | The name of the key to upload to | Required |
region | The AWS Region, if not specified the default region will be used. | Optional |
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
Context Output
There is no context output for this command.
Command Example
!aws-s3-upload-file bucket="bucket name" key="file name to be displayed" entryID=##@##