We have updated our Terms of Service, Code of Conduct, and Addendum.

What permissions are needed for Cribl Stream to pull an S3 bucket? I’m creating a role for it to use

Erin Sweeney
Erin Sweeney Posts: 45 admin
in Stream

What permissions are needed for Cribl Stream to pull an S3 bucket? I’m creating a role for it to use.

Best Answer

  • Brendan Dalpe
    Brendan Dalpe Posts: 201 mod
    Answer ✓

    To pull from the S3 bucket using a collector, you need S3:GetObject and S3:ListBucket permissions as a minimum.

    Here is a sample IAM policy you can use:

    {
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject"
      ],
      "Resource": "arn:aws:s3:::<bucket_name>/*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket"
      ],
      "Resource": "arn:aws:s3:::<bucket_name>"
    }
  ]
}

Answers

  • Brendan Dalpe
    Brendan Dalpe Posts: 201 mod
    Answer ✓

    To pull from the S3 bucket using a collector, you need S3:GetObject and S3:ListBucket permissions as a minimum.

    Here is a sample IAM policy you can use:

    {
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject"
      ],
      "Resource": "arn:aws:s3:::<bucket_name>/*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket"
      ],
      "Resource": "arn:aws:s3:::<bucket_name>"
    }
  ]
}
  • Brandon McCombs
    Brandon McCombs Posts: 150 mod

    If using the S3 input then permissions must be set for both the bucket and the SQS queue. See Amazon S3 | Cribl Docs

Categories