Patch Manager Output S3 bucket
We are using Patch Manager to create a patching policy. One of the options is to write output to an S3 bucket. However, we've selected an S3 bucket but no logs are coming.
We can add bucket policies to the Output S3 Bucket but which role should we add the identity based policy to? I'm guessing it's the instance profile role but we've enabled the option (picture 2 below) and it hasn't added the S3 permissions.
- Le plus récent
- Le plus de votes
- La plupart des commentaires
Hello Shawn,
Enabling "Instance Profile Options" in your Patch Policy will only add S3 permissions to allow communication to the bucket automatically created to store baseline overrides: aws-quicksetup-patchpolicy-* Here is the example policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::aws-quicksetup-patchpolicy-*"
}
]
}
If you require saving command output to a custom bucket, you will need to manually add those permissions to the Instance Profile role. See below example policy and find more info here.
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:PutObjectAcl",
"s3:GetEncryptionConfiguration"
],
"Resource": [
"arn:aws:s3:::DOC-EXAMPLE-BUCKET/*",
"arn:aws:s3:::DOC-EXAMPLE-BUCKET"
]
}
In case you need centralized logging from multiple accounts, you can refer to this article.
Hope this helps.
Contenus pertinents
- demandé il y a 4 mois
- demandé il y a 6 mois
AWS OFFICIELA mis à jour il y a 2 ans- AWS OFFICIELA mis à jour il y a 3 ans
- AWS OFFICIELA mis à jour il y a 9 mois