Cortex XSOAR for Developers (Formerly Demisto)

AWS - S3

Use the AWS S3 integration to manage your AWS object storage.

This integration was integrated and tested with API Version 2012-11-05.

Prerequisites

It is important that you familiarize yourself with and complete all steps detailed in the Amazon AWS Integrations Configuration Guide .

Configure the AWS S3 Integration in Demisto

  1. Navigate to Settings > Integrations > Servers & Services .
  2. Search for AWS - S3.
  3. Click Add instance to create and configure a new integration.
  • Name : a textual name for the integration instance.
  • AWS Default Region
  • Role Arn
  • Role Session Name
  • Fetch incidents
  • Role Session Duration
  • Access Key
  • Secret Key
  • Use System Proxy
  • Trust any certificate (not secure)

Commands

You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

  1. Create a bucket: aws-s3-create-bucket
  2. Delete a bucket: aws-s3-delete-bucket
  3. List all buckets in the AWS account: aws-s3-list-buckets
  4. Get the policy of a bucket: aws-s3-get-bucket-policy
  5. Delete a policy from a bucket: aws-s3-delete-bucket-policy
  6. Download a file from a bucket to the War Room: aws-s3-download-file
  7. List bucket objects: aws-s3-list-bucket-objects
  8. Assign a policy to a bucket: aws-s3-put-bucket-policy
  9. Upload a file: aws-s3-upload-file

1. Create a bucket

Creates an AWS S3 bucket.

Command Example

!aws-s3-create-bucket bucket=test acl=private

AWS IAM Policy Permission

Effect: Allow
Action: s3:CreateBucket

Input
Parameter Description
bucket Name of the S3 bucket to create (in lowercase)
acl ACL for S3 bucket
locationConstraint Specifies the region where the bucket is created. If you do not
specify a region, the bucket is created in US Standard.
grantFullControl Allows grantee the read, write, read ACP, and write ACP permissions
on the bucket
grantRead Allows grantee to list the objects in the bucket
grantReadACP Allows grantee to read the bucket ACL
grantWrite Allows grantee to create, overwrite, and delete any object in the bucket
grantWriteACP Allows grantee to write the ACL for the applicable bucket
region AWS region (if not specified, the default region is used)
roleArn Amazon Resource Name of the role to assum
roleSessionName An identifier for the assumed role session
roleSessionDuration The duration, in seconds, of the role session. The value can range from 900 seconds to the maximum session duration setting for the role.

Context Output
Path Description
AWS.S3.Bucket.BucketName Name of the bucket that was created
AWS.S3.Bucket.Location AWS Region the bucket was created

Raw Output 
[  
   {  
      "BucketName":"test",
      "Location":"test"
   }
]

2. Delete a bucket

Deletes an AWS S3 bucket. You need to delete all objects in the bucket, including all object versions and delete markers, before you delete the bucket itself.

Command Example

!aws-s3-delete-bucket bucket=test

AWS IAM Policy Permission

Effect: Allow
Action: s3:DeleteBucket

Input
Parameter Description
bucket Name of the S3 bucket to delete
region AWS region (if not specified, the default region is used)
roleArn Amazon Resource Name of the role to assum
roleSessionName An identifier for the assumed role session
roleSessionDuration The duration, in seconds, of the role session. The value can range from 900 seconds to the maximum session duration setting for the role.

Context Output

There is no context output for this command.

Raw Output 
The bucket was deleted.

3. List all buckets in the AWS account

Lista all S3 buckets in the specified AWS account.

Command Example

!aws-s3-list-buckets

AWS IAM Policy Permission

Effect: Allow
Action: s3:ListBuckets

Input
Parameter Description
region AWS region (if not specified, the default region is used)
roleArn Amazon Resource Name of the role to assum
roleSessionName An identifier for the assumed role session
roleSessionDuration The duration, in seconds, of the role session. The value can range from 900 seconds to the maximum session duration setting for the role.

Context Output
Path Description
AWS.S3.Bucket.BucketName Name of the bucket
AWS.S3.Buckets.CreationDate Date the bucket was created

Raw Output 
[  
   {  
      "BucketName":"backup-lab",
      "CreationDate":"2018-04-29T13:31:57"
   },
   {  
      "BucketName":"cf-templates-1f85sad9zb6mmyna-ap-southeast-1",
      "CreationDate":"2018-05-06T06:34:30"
   },
   {  
      "BucketName":"cf-templates-1f859asfzb6mmyna-ap-southeast-2",
      "CreationDate":"2018-04-23T13:59:45"
   }
]

4. Get the policy of a bucket

Get the policy associated with an AWS S3 bucket.

Command Example

!aws-s3-get-bucket-policy bucket=test

AWS IAM Policy Permission

Effect: Allow
Action: s3:GetBucketPolicy

Input
Parameter Description
bucket Name of the bucket
region AWS region (if not specified, the default region is used)
roleArn Amazon Resource Name of the role to assum
roleSessionName An identifier for the assumed role session
roleSessionDuration The duration, in seconds, of the role session. The value can range from 900 seconds to the maximum session duration setting for the role.

Context Output
Path Description
AWS.S3.Bucket.Policy.Version S3 bucket policy version
AWS.S3.Bucket.Policy.PolicyID S3 bucket policy ID
AWS.S3.Bucket.Policy.Sid S3 bucket policy statment ID
AWS.S3.Bucket.Policy.Action S3 bucket policy statement action
AWS.S3.Bucket.Policy.Principal S3 bucket policy statement principal
AWS.S3.Bucket.Policy.Resource S3 bucket policy statement resource
AWS.S3.Bucket.Policy.Effect S3 bucket policy statement effect
AWS.S3.Bucket.Policy.Json AWS S3 policy JSON output
AWS.S3.Bucket.Policy.BucketName S3 bucket name

Raw Output 
[  
   {  
      "Action":"s3:",
      "BucketName":null,
      "Effect":"Allow",
      "PolicyId":"Policy1519234481415511",
      "PolicyVersion":"2012-10-17",
      "Principal":{  
         "AWS":"arn:aws:iam::123456789:user/itai"
      },
      "Resource":"arn:aws:s3:::test",
      "Sid":"Stmt1519481385324929"
   },
   {  
      "Action":"s3:",
      "BucketName":null,
      "Effect":"Allow",
      "PolicyId":"Policy15194324581415511",
      "PolicyVersion":"2012-10-17",
      "Principal":{  
         "AWS":"arn:aws:iam::123456789:user/bob"
      },
      "Resource":"arn:aws:s3:::test",
      "Sid":"Stmt1519481434214395"
   }
]

5. Delete a policy from a bucket

Deletes a policy from an Amazon S3 bucket.

Command Example

!aws-s3-delete-bucket-policy bucket=test

AWS IAM Policy Permission

Effect: Allow
Action: s3:DeleteBucketPolicy

Input
Parameter Description
bucket Name of the S3 bucket
region AWS region (if not specified, the default region is used)
roleArn Amazon Resource Name of the role to assum
roleSessionName An identifier for the assumed role session
roleSessionDuration The duration, in seconds, of the role session. The value can range from 900 seconds to the maximum session duration setting for the role.

Context Output

There is no context output for this command.

Raw Output 
Policy deleted from test.

6. Download a file from a bucket to the War Room

Downloads a file from an Amazon S3 bucket to the Demisto War Room.

Command Example

!aws-s3-download-file bucket=test key=test.txt

AWS S3 Policy Permission

Effect: Allow
Action: s3:DownloadFile

Input
Parameter Description
bucket Name of the S3 bucket
region AWS region (if not specified, the default region is used)
roleArn Amazon Resource Name of the role to assum
roleSessionName An identifier for the assumed role session
roleSessionDuration The duration, in seconds, of the role session. The value can range from 900 seconds to the maximum session duration setting for the role.

Context Output

There is no context output for this command.

Raw Output

There is no raw output for this command.

7. List bucket objects

List all bucket objects in the AWS account.

Command Example

!aws-s3-list-bucket-objects bucket=test

AWS IAM Policy Permission

Effect: Allow
Action: s3:GetObject

Input
Parameter Description
bucket Name of the S3 bucket
region AWS region (if not specified, the default region is used)
roleArn Amazon Resource Name of the role to assum
roleSessionName An identifier for the assumed role session
roleSessionDuration The duration, in seconds, of the role session. The value can range from 900 seconds to the maximum session duration setting for the role.

Context Output
Path Description
AWS.S3.BucketObjects.Key Name of the S3 object
AWS.S3.BucketObjects.Size Object size
AWS.S3.BucketObjects.LastModified Last date the object was modified

Raw Output 
[  
   {  
      "BucketName":"test",
      "Key":"demi2018-04-05-14-29-49-76DA472F25CB951F",
      "LastModified":"2018-04-05T14:29:51",
      "Size":"323.0 B"
   },
   {  
      "BucketName":"test",
      "Key":"demi2018-04-05-15-23-20-32C6A7DEA888F497",
      "LastModified":"2018-04-05T15:23:21",
      "Size":"367.0 B"
   },
   {  
      "BucketName":"test",
      "Key":"demi2018-04-05-15-37-12-8735352AFBA6932E",
      "LastModified":"2018-04-05T15:37:14",
      "Size":"326.0 B"
   },
   {  
      "BucketName":"test",
      "Key":"demi2018-04-05-16-25-46-C891B9F069DE83C6",
      "LastModified":"2018-04-05T16:25:47",
      "Size":"326.0 B"
   },
   {  
      "BucketName":"test",
      "Key":"demi2018-04-05-16-36-44-69C802DCC5563A44",
      "LastModified":"2018-04-05T16:36:45",
      "Size":"368.0 B"
   }
]

8. Assign a policy to a bucket

Assign a policy to an Amazon S3 bucket.

Command Example

!aws-s3-put-bucket-policy bucket=test policy={"Version":"2012-10-17","Id":"Policy1519481415511","Statement":[{"Sid":"Stmt1519ds34548138sf5929","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::123456789:user/itai"},"Action":"s3:","Resource":"arn:aws:s3:::test"},{"Sid":"Stmt1345519481414395","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::123456789:user/bob"},"Action":"s3:","Resource":"arn:aws:s3:::test"}]}

AWS IAM Policy Permission

Effect: Allow
Action: s3:PutBucketPolicy

Input
Parameter Description
bucket Name of the S3 bucket
policy Bucket policy to apply (in JSON format)
confirmRemoveSelfBucketAccess Set this parameter to true to confirm that you want to remove your permissions to change this bucket policy in the future
region AWS region (if not specified, the default region is used)
roleArn Amazon Resource Name of the role to assum
roleSessionName An identifier for the assumed role session
roleSessionDuration The duration, in seconds, of the role session. The value can range from 900 seconds to the maximum session duration setting for the role.

Context Output

There is no context output for this command.

Raw Output 
Successfully applied bucket policy to test bucket.

9. Upload a file

Upload a file to an AWS S3 bucket.

Base Command 
aws-s3-upload-file
Input
Argument Name Description Required
entryID Entry ID of the file to upload Required
bucket The name of the bucket to upload to Required
key The name of the key to upload to Required
region The AWS Region, if not specified the default region will be used. Optional
roleArn The Amazon Resource Name (ARN) of the role to assume. Optional
roleSessionName An identifier for the assumed role session. Optional
roleSessionDuration The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. Optional
Context Output

There is no context output for this command.

Command Example 
!aws-s3-upload-file bucket="bucket name" key="file name to be displayed" entryID=##@##
Context Example
Human Readable Output

human readable output

Edit this page
Report an Issue