Getting Started
      Back to home
      1. Radiant Help Center
      2. Getting Started

      Bring Your Own Bucket for Log Management

      Bring your own AWS bucket to Radiant Security and manage your logs using the new Log Management feature.

      Overview

      Easily query your raw data with our new log management and search functionality. There are two options for log management: one is to let us host the logs and the other is to bring your own bucket. To bring your own bucket, you must enable a configuration by completing the following steps:

      Note: For proof of concept (POC) or testing purposes, we allow customers to offload log hosting to us. But, we expect all customers to eventually switch to using their own bucket once they’ve converted from POC.

      Create an S3 bucket in AWS

      1. Sign in to your AWS Management Console.
      2. Then, navigate to the S3 Service by typing S3 in the search bar. Click S3 to open the S3 dashboard.
      3. Click the Create bucket button and configure the following:
        • Bucket name: Enter a unique bucket name (e.g., my-unique-bucket-name-us-west-2).
        • Region: Choose US West (Oregon) – us-west-2 from the region drop-down menu.
      4. Scroll to the bottom of the page and click Create bucket.

      Add a bucket policy

      1. From the S3 dashboard, click on the bucket name you just created.
      2. Go to the Permissions tab within the bucket's dashboard.
      3. Now you’ll need to add a bucket policy to allow our cross account role (configured as Principal in the JSON below) to manage the bucket.
        1. Scroll down to the Bucket policy section and click Edit.
        2. Copy the following bucket policy and replace the <s3_bucket_name> with the name of the bucket you created in the Create an S3 Bucket in AWS step: 
          {

              "Version": "2012-10-17",

              "Statement": [

                  {

                      "Effect": "Allow",

                      "Principal": {

                          "AWS": "arn:aws:iam::522664682085:role/radiant_security_ingestion_role"

                      },

                      "Action": "s3:*",

                      "Resource": [

                          "arn:aws:s3:::<s3_bucket_name>",

                          "arn:aws:s3:::<s3_bucket_name>/*"

                      ]

                  }

              ]

          }
        3. Paste the bucket policy in the text editor.
      4. Click Save changes to apply the policy.

      Configure Log Management in Radiant Security

      1. Log in to Radiant Security.
      2. From the navigation menu, click Log Management.
      3. From Log Management, click + Add Credentials.
      4. In the side menu, paste the bucket name that you created in the first step.
      5. Click Add credentials to save the bucket configuration.

      Note: Before saving the configuration, Radiant Security checks whether you have the correct permissions and that the bucket is in the us-west-2 region. If these verification steps pass, we allow the bucket to be saved. Otherwise, you will see an error highlighting the incorrect configuration. 

      We value your opinion. Did you find this article helpful? Share your thoughts by clicking here or reach to our Product and Customer Success teams at support@radiantsecurity.ai

      Last updated: 2024-11-20