Configure Amazon S3 to Forward Logs to Radiant Security

Ingest any type of logs into Radiant Security through our S3 data connector.

In this guide, you will configure Amazon S3 (Amazon Simple Storage Service) to forward lots to Radiant Security. The S3 data connector should be used whenever a direct connector is not yet supported by Radiant Security.

To configure AWS S3 to forward syslog to Radiant Security, you’ll need to complete the following steps:

• Configure S3 and SNS
• Add the data connector in Radiant Security
• Configure the S3 events

Configure S3 and SNS

Review the following information regarding the S3 bucket configuration before proceeding with the setup of S3 and SNS:

• Our preferred region for the S3 bucket is us-west-2, but choosing this region is not obligatory
• You may use an existing S3 bucket, but only newly added files will be synchronized

Assuming you already have the bucket to which data is being sent, the first step is to configure the bucket to allow GetObject from our AWS Account ID (AllowCrossAccountGetObject).

1. Sign in to the AWS Management Console and open the Amazon S3 console.
2. In the Buckets page, click the Permissions tab on the bucket that you want to configure to forward data to Radiant Security.
3. For Bucket policy, click Edit.
4. Copy and paste the following policy:
   

   {
       "Version": "2012-10-17",
       "Statement": [
           {
               "Sid": "RSCollectLogs",
               "Effect": "Allow",
               "Principal": {
                   "AWS": "arn:aws:iam::649384204969:role/rs-connector-generic-aws-s3"
               },
               "Action": "s3:GetObject",
               "Resource": "<YOUR-BUCKET-ARN>/*"
           }
       ]
   }

5. We highly recommend creating a new SNS topic specifically for this integration, rather than using a preexisting one. Note that a single SNS topic can be associated with multiple S3 buckets. On the navigation panel, click Topics and click Create topic to create an SNS topic. In the Details section, for Type, select Standard. Amazon S3 only supports publishing to Standard SNS topics.
6. Once you’ve created the SNS topic, click Edit.
7. Expand Access policy.
8. Copy and paste the following policy to allow your S3 bucket to publish to your SNS:

       {
         "Sid": "AllowS3Publish",
         "Effect": "Allow",
         "Principal": {
           "Service": "s3.amazonaws.com"
         },
         "Action": "sns:Publish",
         "Resource": "<SNS-TOPIC-ARN>",
         "Condition": {
           "StringEquals": {
             "aws:SourceAccount": "<YOUR-AWS-ACCOUNT-ID>"
           },
           "ArnEquals": {
             "aws:SourceArn": "<S3-BUCKET-ARN>"
           }
         }
       }

9. Copy and paste the follow policy to allow Radiant Security to subscribe to your SNS topic:
   

    {
      "Sid": "RSSubscribe",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::649384204969:role/rs-connector-generic-aws-s3"
      },
      "Action": "SNS:Subscribe",
      "Resource": "<SNS-TOPIC-ARN>"
    }

Add the data connector in Radiant Security

Add the Amazon Web Services S3 data connector in Radiant Security.

1.   Log in to Radiant Security.
2.   From the navigation menu, click Settings > Data Connectors and click + Add Connector.
3.   Search for and select the Amazon Web Services S3 option and then click Data Feeds.
4.   Select the data feed(s) you want and then click Credentials.
5.   Under Credential Name, give the credential an identifiable name (e.g. AWS S3 Credentials). If you already have the credential created, select it from the drop-down menu. 6.   Under Required Credentials, enter the following: AWS Account ID: The 12-digit number, that uniquely identifies your AWS account AWS Region: The region where your bucket resides (e.g. us-east-1) SNS Topic Name: The name of the SNS topic you created in step 5 of Configure S3 and SNS  7.   Click Add Connector.
8.   Once the connector is successfully created, go to Data Connectors, locate the connector, and click View Details. 9.   In the Credentials section, you will find an Event name for each data feed. Copy these names, as you will need them in the following steps.

Configure the S3 events

To enable automated notifications when new data is added to your S3 bucket, you need to configure event notifications by following the steps below.

1. In the Buckets page, select the bucket that you want to enable events for.
2. Click the Properties tab.
3. Navigate to the Event Notifications section and click Create event notification.
4. In the General configuration section, configure the following:
   1. For Event name, enter the Event name first value that you copied in the last step of the Add the data connector in Radiant Security section.
   2. For Prefix, enter a string, such as images/ to match the folder where that specific type of data is. You can use this to create a prefix filter so that you receive notifications only when files are added to a specific folder.
   3. In the Event types section, select All object create events. Leave all other options unselected.
   4. In the Destination section, select SNS topic and search for the Standard SNS topic you had created.
   5. Click Save changes, and repeat this process for each one of your data feeds.

We value your opinion. Did you find this article helpful? Share your thoughts by clicking here or reach to our Product and Customer Success teams at support@radiantsecurity.ai 

Last updated: 2025-06-25