...
Change audit log storage to user-provided S3
Organization or product audit logs are stored in S3 prepared by D-Accel by default, but you can change to S3 prepared individually by the user by setting here. Please prepare the following 3 points in advance for setting.
| 情報 |
|---|
Prepare S3 bucket access information (S3 region, S3 bucket name, access key ID, secret access key). Grant s3:GetObject, s3:PutObject, s3:ListBucket, s3:GetBucketLocation, s3:ListAllMyBuckets permissions to the bucket in the S3 bucket policy. Allow D-Accel's IP address in the S3 bucket policy. Please contact us from here for the IP address
to be added when IP restriction is performed with the S3 bucket policy. You can use
it the app by adding the IP address of D-Accel.
|
...
| 展開 |
|---|
|
| コード ブロック |
|---|
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject"
],
"Resource": "arn:aws:s3:::xxx-xxx-xxx-xxx/*"
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Resource": "arn:aws:s3:::xxx-xxx-xxx-xxx"
},
{
"Sid": "VisualEditor2",
"Effect": "Allow",
"Action": "s3:ListAllMyBuckets",
"Resource": "*"
}
]
} |
|
Select "Audit log storage settings" from the setting icon on the upper right of the screen.
Click to turn on "Use custom buckets" in the organization or product audit log panel.
Enter the user-prepared S3 region, S3 bucket name, access key ID, and secret access key, and click Test Connection. Click the Save button when the connection is successful.
After saving, you can return to the S3 prepared by D-Accel as the storage location by clicking "Use custom bucket" again to turn it off.