Skip to content

Forward Data to AWS S3

  1. Complete the configuration of rule name and filtering conditions.
  2. Continue to configure the archive.

Start Configuration

  1. Select AWS S3 as the archive type, which means saving the matched data to this object storage.
  2. Select the storage format.
  3. Choose whether to enable encrypted storage.
  4. Select the access type.
  5. Click OK to create successfully.
Note

If the archive type information changes, ensure that the configurations on the associated platform are updated accordingly to avoid data write failures due to configuration changes. The new configuration rule will take effect within 5 minutes.

Access Type

Role Authorization

  1. Use the external ID generated by Guance by default to configure third-party access rights for AWS resources.

  2. After configuring the Guance IAM role in AWS, fill in the archive information, including the AWS account ID, AWS role name, region, and bucket name.

  3. Enter the storage path to facilitate further differentiation and locating the specific destination of data forwarding.

  4. Click "Test Connection". If the above information meets the specifications, a successful connection test is indicated. Click OK to save the current rule.

Storage Path Naming Convention
  1. Create a single folder or multiple levels of folders. A slash (/) indicates creating multiple levels of folders.
  2. Folder names cannot start or end with a slash (/).
  3. Cannot contain two or more consecutive slashes (/).
  4. Applicable to all access types.
Note
  • If the entered folder does not exist, Guance will create it directly, and data will still be stored under this path.
  • Please change the storage path cautiously. Due to a delay of approximately 5 minutes for configuration updates, some data might still be forwarded to the original directory after the change.
If the test fails:

You need to confirm:

  • Whether the external ID has expired.
  • Whether the account ID is correct.
  • Whether the account role exists.
  • Whether the bucket exists.
  • Whether the Region is inconsistent.

Exercise caution in the following situations:

  • If you click to regenerate the external ID, the historical ID will expire after 24 hours. Please replace it in the AWS console as soon as possible.
  • Do not click to generate the external ID multiple times. Please proceed with caution!

Access Keys

  1. Click to download the AWS resource authorization template and go to AWS to configure the Guance IAM policy.
  2. After configuration is complete, fill in the account information, including the AWS AK & SK, region, and bucket name.
  3. Enter the storage path to facilitate further differentiation and locating the specific destination of data forwarding.
  4. Click "Test Connection". If the above information meets the specifications, a successful connection test is indicated.
If the test fails:

You need to confirm:

  • Whether the account ID is correct.
  • Whether the AK / SK exists.
  • Whether the bucket exists.
  • Whether the Region is inconsistent.

Account Authorization

  1. AWS provides cross-account authorization capability. You need to use the Guance-specific account ID and add a cross-account access authorization policy according to the configuration instructions.

  2. After configuration is complete, select the region and enter the bucket name.

  3. Enter the storage path to facilitate further differentiation and locating the specific destination of data forwarding.

  4. Click "Test Connection". If the above information meets the specifications, a successful connection test is indicated. Click OK to save the current rule.

If the test fails:

You need to confirm:

  • Whether the account ID is correct.
  • Whether the bucket exists.
  • Whether the Region is inconsistent.

Next Steps

Continue to configure the data viewing permissions under the current forwarding rule.

Feedback

Is this page helpful? ×