Collect Logs from Amazon S3 Buckets with KMS Encryption

Role Availability Read-Only Investigator Analyst Manager

If you are using a key management service (KMS) key to encrypt the Amazon S3 buckets where your logs are stored, you need to perform the following steps to enable your USM Anywhere Sensor to decrypt those buckets.

Note: To do this, you first need to know the bucket that is encrypted, the KMS key used for the encryption, and the Identity and Access Management (IAM) role created for your sensor.

To enable your sensor to decrypt KMS-encrypted buckets

  1. Log in to the AWS Management Console and navigate to the Key Management Service (KMS) page.
  2. Open the Customer Managed Keys page and locate the KMS key you are using.
  3. Scroll down to the Key Users section.
  4. Click Add.
  5. Use the list or the search bar to select the IAM role created for your sensor.

  6. Click Add.
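
To confirm the result of the steps above, you can check the key policy itself, which is where the Key Users list is stored. The following is an added example, not part of the original documentation or of USM Anywhere: it checks whether a key policy document names the sensor's IAM role in a statement that allows kms:Decrypt. The account ID, role name, and sample policy are constructed placeholders, and only direct entries in the key policy are evaluated (not IAM policies or grants).

```python
import fnmatch
import json

# Constructed sample key policy; the account ID and role name are placeholders.
SENSOR_ROLE = "arn:aws:iam::111122223333:role/example-usm-sensor-role"
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "Enable IAM User Permissions", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
         "Action": "kms:*", "Resource": "*"},
        {"Sid": "Allow use of the key", "Effect": "Allow",
         "Principal": {"AWS": [SENSOR_ROLE]},
         "Action": ["kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*",
                    "kms:GenerateDataKey*", "kms:DescribeKey"],
         "Resource": "*"},
    ],
})


def _as_list(value):
    return value if isinstance(value, list) else [value]


def role_can_decrypt(policy_json, role_arn, action="kms:Decrypt"):
    """Return True if the key policy names role_arn in an unconditional Allow
    covering `action`, and no Deny that names the role covers it."""
    allowed = False
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        principal = stmt.get("Principal", {})
        if isinstance(principal, dict):
            names = _as_list(principal.get("AWS", []))
        else:
            names = [principal]          # e.g. the bare string "*"
        if role_arn not in names and "*" not in names:
            continue
        # IAM action names are case-insensitive and may contain wildcards.
        patterns = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if not any(fnmatch.fnmatchcase(action.lower(), p) for p in patterns):
            continue
        if stmt.get("Effect") == "Deny":
            return False                 # Deny wins; conditions are not evaluated
        if stmt.get("Effect") == "Allow" and "Condition" not in stmt:
            allowed = True
    return allowed


if __name__ == "__main__":
    print("sensor role can decrypt:", role_can_decrypt(SAMPLE_POLICY, SENSOR_ROLE))
```

To run the check against a real key, pass it the output of `aws kms get-key-policy --key-id <key-id> --policy-name default --query Policy --output text`.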