ConnectorsSetup GuidesAnalytics

AWS S3 Connector

This guide covers implementing Descope's AWS S3 connector. Descope enables you to automatically collect troubleshooting logs and audit events in your AWS S3 Bucket.

Configure AWS S3 Connector in Descope

Prerequisites

  1. Have an AWS S3 bucket set up
  2. Have an IAM user with the necessary AWS S3 bucket permissions

Configuring the Connector

Navigate to the Connectors page in the Descope Console and select AWS S3 to create a new AWS S3 connector.

AWS S3 connector setup

The following parameters are required to use it:

  • Connector Name: Provide a unique name for your connector. This assists in distinguishing it, especially when multiple connectors are derived from the same template.
  • Connector Description: Briefly explain the purpose of this connector.
  • Access Key ID: The unique AWS Access Key ID.
  • Secret Access Key: The secret AWS Access Key associated with the Access Key ID.
  • Region: The AWS S3 region, e.g. us-east-1
  • Bucket: The name of the AWS S3 bucket that the logs and audit events will be sent to.
  • Stream Audit Events: Select which events are sent to AWS S3. Descopers can allow all audit events or filter them based on certain actions that occur or tenants in the project.
  • Stream Troubleshooting Events: Decide whether troubleshooting events are also sent to AWS S3.

Getting the Access Key

In AWS, navigate to Services in the top left and select IAM. On the IAM page, navigate to Users.

If you don't have an IAM user, create one now. If you already have one, click on "Add Permissions". You can assign the required permissions either by adding the user to a group or by directly attaching policies to the user. For more information see Amazon Documentation.

Adding Permissions to AWS IAM User

Go to the User's page and click on "Create access key" and then on "Third-party service" if you are adding the policy directly.

Create Access Key for AWS IAM User

Make sure to save your Secret access key as you won't be able to view it again.

Access Key Fields in AWS S3

Viewing Audit Logs

Now audit logs will be sent to the AWS S3 bucket as json objects. The connector can be tested while configuring it so you can ensure the logs are being sent and collected properly.

The logs can still be viewed in Descope under the Audit and Troubleshoot section of the Descope Console. For more information on audit trail and log streaming see Audit Trail Streaming.

An example of directory structure when streaming Descope audit logs to Amazon S3

An example of the date formatted directory structure when streaming Descope audit logs to Amazon S3

Was this helpful?

Previous

Amplitude

Next

Datadog

On this page

AWS S3 ConnectorConfigure AWS S3 Connector in DescopePrerequisitesConfiguring the ConnectorGetting the Access KeyViewing Audit Logs