FAQs related to AWS instance setup for forensics

The following topic covers frequently asked questions and common scenarios when setting up an AWS instance for forensics.

Using an S3 bucket as a forensics destination using SSE-KMS with customer-managed keys

When the S3 bucket used as a forensics destination is encrypted with SSE-KMS using a customer-managed key, the S3 and IAM permissions alone are not sufficient: the key policy of each KMS key that encrypts the bucket must also allow the Netskope IAM role to use that key, otherwise forensics upload and download fail with KMS access errors.

To grant this, add a statement to the key policy of each such KMS key that names the IAM role created by Netskope's CloudFormation template (CFT) as the principal, using the Sid and Action list shown below.

Follow these detailed instructions:

  1. Log in to the AWS Management Console using the credentials of the AWS account you are setting up with Netskope for IaaS and navigate to Services > IAM > Roles.

  2. Under Roles, search for Netskope_Role and copy the Role ARN for this role.

  3. Navigate to Services > Key Management Service.

  4. Under Customer managed keys, open each KMS key that is used to encrypt the forensics S3 bucket.

  5. On the Key policy tab of each KMS key, click Edit.

    Add the following statement to the Statement array of the policy. Keep the existing statements in place, in particular the default statement that grants the account root (or your key administrators) kms:* access; removing it can leave the key unmanageable.

    {
        "Sid": "Enable Netskope to use KMS",
        "Effect": "Allow",
        "Principal": {
            "AWS": "arn:aws:iam::<customer_account_id>:role/Netskope_Role"
        },
        "Action": [
            "kms:Decrypt",
            "kms:GenerateDataKey*",
            "kms:DescribeKey",
            "kms:Encrypt"
        ],
        "Resource": "*"
    }
  6. Set the Sid to Enable Netskope to use KMS.

  7. Paste the Role ARN of Netskope_Role as the value of the AWS principal.

  8. Set Action to the list shown above; do not replace it with a broader grant such as kms:*.

  9. Save the key policy changes.

In a key policy, the Resource value "*" refers only to the KMS key the policy is attached to, not to every key in the account. Refer to the AWS KMS documentation on key policies for more details.
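The procedure above is a manual console edit. Across many keys it is easier, and safer, to script it, making sure the statement is added exactly once and that the existing statements survive. The script below is an added example and is not Netskope's code; the account ID 111122223333 and the default key policy it starts from are constructed placeholders, and the role ARN follows the Netskope_Role naming used above. It adds the statement idempotently and then checks that the role is actually allowed every required action before you push the policy back with `aws kms put-key-policy`.

```python
"""Add the Netskope statement to a KMS key policy idempotently, then verify it.

Example code, not part of the Netskope documentation. Works on the policy JSON
string as returned by `aws kms get-key-policy --policy-name default`.
"""
import json

NETSKOPE_SID = "Enable Netskope to use KMS"
# Actions from the documented statement; the trailing * on GenerateDataKey is an
# IAM action wildcard (GenerateDataKey, GenerateDataKeyWithoutPlaintext, ...).
REQUIRED_ACTIONS = ["kms:Decrypt", "kms:GenerateDataKey*", "kms:DescribeKey", "kms:Encrypt"]

# Constructed sample: the default key policy AWS creates for a customer-managed
# key, with a placeholder account ID. Replace with the real policy JSON.
DEFAULT_KEY_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Id": "key-default-1",
    "Statement": [{
        "Sid": "Enable IAM User Permissions",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
        "Action": "kms:*",
        "Resource": "*",
    }],
}, indent=4)
ROLE_ARN = "arn:aws:iam::111122223333:role/Netskope_Role"  # placeholder account


def _as_list(value):
    """IAM allows a string or a list in Statement, Action and Principal.AWS."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def netskope_statement(role_arn):
    """The statement from the procedure above, with the role ARN filled in."""
    return {
        "Sid": NETSKOPE_SID,
        "Effect": "Allow",
        "Principal": {"AWS": role_arn},
        "Action": list(REQUIRED_ACTIONS),
        "Resource": "*",  # in a key policy this means "this key" only
    }


def add_netskope_statement(policy_json, role_arn):
    """Return the policy with the Netskope statement added exactly once.

    A statement that already carries the Netskope Sid is replaced in place (so
    a stale ARN gets corrected); every other statement is left untouched.
    """
    policy = json.loads(policy_json)
    statements = _as_list(policy.get("Statement"))
    for i, stmt in enumerate(statements):
        if stmt.get("Sid") == NETSKOPE_SID:
            statements[i] = netskope_statement(role_arn)
            break
    else:
        statements.append(netskope_statement(role_arn))
    policy["Statement"] = statements
    return json.dumps(policy, indent=4)


def allowed_actions(policy_json, role_arn):
    """Actions granted to role_arn by Allow statements that name it directly.

    Literal match on the ARN and action strings; this does not evaluate IAM
    wildcards, conditions or Deny statements, it only confirms the grant exists.
    """
    allowed = set()
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        principal = stmt.get("Principal")
        principals = _as_list(principal.get("AWS")) if isinstance(principal, dict) else []
        if stmt.get("Effect") == "Allow" and role_arn in principals:
            allowed.update(_as_list(stmt.get("Action")))
    return allowed


def missing_actions(policy_json, role_arn):
    """Required actions the policy does not grant the role (empty when complete)."""
    allowed = allowed_actions(policy_json, role_arn)
    if "kms:*" in allowed:
        return []
    return [a for a in REQUIRED_ACTIONS if a not in allowed]


def statement_sids(policy_json):
    """Sids in order, to confirm existing statements were preserved."""
    return [s.get("Sid") for s in _as_list(json.loads(policy_json).get("Statement"))]


if __name__ == "__main__":
    print("missing before:", missing_actions(DEFAULT_KEY_POLICY, ROLE_ARN))
    updated = add_netskope_statement(DEFAULT_KEY_POLICY, ROLE_ARN)
    print("missing after:", missing_actions(updated, ROLE_ARN))
    print("statements:", statement_sids(updated))
    # Push back with: aws kms put-key-policy --key-id <key-id> \
    #     --policy-name default --policy file://updated-policy.json
    with open("updated-policy.json", "w") as fh:
        fh.write(updated)
```

Run `missing_actions` against the policy you read back from `aws kms get-key-policy` after saving; a non-empty list means a step above was skipped or the ARN was pasted incorrectly. Because the check matches the role ARN literally, it also catches the common mistake of granting the account root instead of Netskope_Role.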