LogoLogo
  • Getting Started
    • Welcome to Teleskope.ai
    • Your Journey with Teleskope
  • The Platform
    • Data Catalog
    • Data Subject Rights
      • Integrations
      • Enroll Third Party Integrations
        • Amplitude
        • Google Analytics
        • Salesforce
        • Bazaar Voice
        • Intercom
      • Enroll Structured Databases
      • Deletion Methods
    • Policy Maker
    • Issues
    • API Service
      • Scanning API
        • v1/classify
        • v1/classifyCollection
        • v1/scan
      • Redaction API
        • v1/scrub
      • Data Subject Rights
        • GET v1/dsr/requests
        • POST v1/dsr/requests
      • Metadata
        • v1/aws/rds
        • v1/aws/s3
        • v1/snowflake
        • v1/snowflake/users
        • v1/gcp/bigquery
        • v1/gcp/cloudstorage
        • v1/gcp/cloudsql
  • Setup
    • Deployment
    • Role Based Access Control
    • SSO
      • Okta
      • Microsoft Entra
      • Google Auth
  • Specifications
    • Data Store Coverage
    • Compliance Frameworks
    • Redaction Methodologies
    • Data Elements
  • Connectors
    • AWS
      • Athena
      • RDS
      • DynamoDB
      • Redshift
      • S3
      • SNS
      • SQS
    • GCP
      • Cloud Storage
      • Grant Teleskope Access to BigQuery
      • CloudSQL
      • Grant Teleskope Access to CloudLogging
    • SaaS
      • Github
      • Google Drive
      • Jira
      • Segment
      • Zendesk
      • DropBox
      • Box
      • Bitbucket
      • Slack
      • Sharepoint Online
    • Snowflake
    • Azure
      • Azure SQL
      • Azure Database
      • Blob Storage
      • CosmosDB
      • Synapse
    • Databricks
  • DSR
  • Alerting Integrations
    • Slack
    • Tines
Powered by GitBook
On this page
  • Requirements
  • Grant Teleskope Read Access to S3
  • Grant Teleskope Read and Write Access to S3

Was this helpful?

  1. Connectors
  2. AWS

S3

Requirements

Name
Description

Teleskope Role

Attach S3 read and/or write permissions to the Teleskope IAM role you created

Grant Teleskope Read Access to S3

Teleskope needs read access to scan and classify your data stored in S3.

Attach the AmazonS3ReadOnlyAccess to the Teleskope IAM role you created.

Terraform

resource "aws_iam_role_policy_attachment" "s3_policy" {
  role       = "TeleskopeRole"
  policy_arn = "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"
}

Or create a least-privilege policy, and specify bucket restrictions under resource, and attach that policy to the role

Terraform

resource "aws_iam_policy" "teleskope_s3_policy" {
  name        = "TeleskopeS3Policy"
  description = "Policy to grant various read permissions for S3 resources."

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect = "Allow"
        Action = [
          "s3:GetBucketPolicyStatus",
          "s3:GetBucketPublicAccessBlock",
          "s3:GetLifecycleConfiguration",
          "s3:GetBucketTagging",
          "s3:GetInventoryConfiguration",
          "s3:GetBucketWebsite",
          "s3:GetBucketLogging",
          "s3:ListBucket",
          "s3:GetBucketVersioning",
          "s3:GetBucketAcl",
          "s3:GetBucketNotification",
          "s3:GetBucketPolicy",
          "s3:GetReplicationConfiguration",
          "s3:GetBucketObjectLockConfiguration",
          "s3:GetEncryptionConfiguration",
          "s3:PutBucketTagging",
          "s3:GetBucketCORS",
          "s3:GetBucketLocation"
        ]
        Resource = "arn:aws:s3:::*"
      },
      {
        Effect = "Allow"
        Action = [
          "s3:GetObjectAcl",
          "s3:GetObject",
          "s3:GetObjectTagging",
          "s3:PutObjectTagging",
          "s3:GetObjectVersion"
        ]
        Resource = "arn:aws:s3:::*/*"
      },
      {
        Effect = "Allow"
        Action = [
          "s3:GetAccountPublicAccessBlock",
          "s3:ListAllMyBuckets",
          "s3:GetBucketInventoryConfiguration"
        ]
        Resource = "*"
      }
    ]
  })
}

Inventory Reports

We highly recommend enabling inventory reports on your buckets. Teleskope could use those reports to efficiently list objects and reduce cost on your cloud. When enabling inventory reports, please make sure to add the following fields:

  1. Bucket

  2. Key

  3. Size

  4. Last Modified Date

  5. Storage Class

Grant Teleskope Read and Write Access to S3

Teleskope needs write access take enforce remediation policies such as tagging, redaction, deletion, etc.

Attach the AmazonS3FullAccess to the Teleskope IAM role you created.

Terraform

resource "aws_iam_role_policy_attachment" "s3_policy" {
  role       = "TeleskopeRole"
  policy_arn = "arn:aws:iam::aws:policy/AmazonS3FullAccess"
}

PreviousRedshiftNextSNS

Last updated 2 months ago

Was this helpful?