Data Forwarding to AWS S3
Start Configuration
- Select AWS S3 as the archive type, which means that the matched log data will be saved to this object storage.
- Choose Access Type.
- Click OK to complete the creation.
Note: If the archive type information changes, update the associated platform configuration at the same time to avoid data write failures. New configuration rules take effect within 5 minutes.
Access Type
Role Authorization
- You must use the default external ID generated by Guance to configure third-party access permissions for AWS resources.
- After configuring the Guance IAM role in AWS, fill in the archive information with the AWS account ID, AWS role name, region, and bucket name.
- Enter the Storage Path so that the forwarded data can be told apart and located more easily.
- Click Test Connection. If the information above meets the specifications, a message confirms that the connection test succeeded. Click OK to save the current rule.
Directory Path (Folder) Naming Convention
- Create a single folder or multiple levels of folders, where slashes (/) indicate the creation of multi-level folders.
- Folder names cannot start or end with a slash (/).
- Folder names cannot contain more than two consecutive slashes (/).
- Applies to all access types.
Note:
- If the entered folder does not exist, Guance will create it directly, and data will still be stored under this path.
- Be cautious when changing the storage path, as there is about a 5-minute delay in updating configurations, and some data may still be forwarded to the original directory after changes.
If the Test Fails:
You need to confirm:
- Whether the external ID has expired;
- Whether the account ID is correct;
- Whether the account role exists;
- Whether the bucket exists;
- Whether the region is consistent.
Proceed with caution in the following situations:
- If you click to regenerate the external ID, the historical ID will expire after 24 hours. Replace it in the AWS console as soon as possible.
- Do not repeatedly click to generate an external ID. Proceed with caution!
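The external ID and account ID checks above can be run against the role's trust policy before clicking Test Connection. The following is an added example, not code from Guance or its authorization template: it assumes the role uses the standard AWS cross-account trust policy shape (`sts:AssumeRole` with an `sts:ExternalId` condition), the function names are hypothetical, and the account ID and external IDs are constructed placeholders.

```python
def audit_trust_policy(policy, expected_account, expected_external_id):
    """Return findings for an IAM role trust policy; [] means it pins both
    the forwarding service's account and the external ID."""
    findings, granted = [], False
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement object is valid IAM JSON
        statements = [statements]
    for stmt in statements:
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in actions:
            continue
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else principal.get("AWS", [])
        aws = [aws] if isinstance(aws, str) else aws
        for p in aws:
            # A principal is a bare account ID or an ARN whose fifth field is the account
            parts = p.split(":")
            account = parts[4] if p.startswith("arn:") and len(parts) > 4 else p
            if account == expected_account:
                granted = True
            else:
                findings.append(f"unexpected principal: {p}")
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        ext = {k.lower(): v for k, v in cond.items()}.get("sts:externalid")
        ext = [ext] if isinstance(ext, str) else (ext or [])
        if not ext:
            findings.append("AssumeRole allowed without an sts:ExternalId condition")
        elif ext != [expected_external_id]:
            findings.append("external ID does not match the current one")
    if not granted:
        findings.append("expected account is not allowed to assume the role")
    return findings

def make_policy(account, external_id=None):
    """Build a constructed sample trust policy (not taken from Guance's template)."""
    stmt = {"Effect": "Allow", "Action": "sts:AssumeRole",
            "Principal": {"AWS": f"arn:aws:iam::{account}:root"}}
    if external_id:
        stmt["Condition"] = {"StringEquals": {"sts:ExternalId": external_id}}
    return {"Version": "2012-10-17", "Statement": [stmt]}

# Constructed placeholders: use the account ID and external ID shown in your own console.
ACCOUNT, CURRENT_ID, OLD_ID = "111122223333", "example-external-id-new", "example-external-id-old"

if __name__ == "__main__":
    for label, pol in [("pinned", make_policy(ACCOUNT, CURRENT_ID)),
                       ("stale id", make_policy(ACCOUNT, OLD_ID)),
                       ("no condition", make_policy(ACCOUNT))]:
        print(label, "->", audit_trust_policy(pol, ACCOUNT, CURRENT_ID) or "ok")
```

A "does not match" finding after regenerating the external ID means the role still carries the historical ID and will stop working once that ID expires.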
Access Keys
- Click to download the AWS resource authorization template and configure the Guance IAM policy in AWS.
- After configuration, enter the account information, including AWS AK & SK, region, and bucket name.
- Enter the Storage Path so that the forwarded data can be told apart and located more easily.
- Click Test Connection. If the information above meets the specifications, a message confirms that the connection test succeeded.
If the Test Fails:
You need to confirm:
- Whether the account ID is correct;
- Whether the AK / SK exists;
- Whether the bucket exists;
- Whether the region is consistent.
Account Authorization
- AWS provides cross-account authorization capabilities. You need to use the dedicated account ID of Guance and add a cross-account access authorization policy according to the configuration instructions.
- After configuration, select the region and enter the bucket name.
- Enter the Storage Path so that the forwarded data can be told apart and located more easily.
- Click Test Connection. If the information above meets the specifications, a message confirms that the connection test succeeded. Click OK to save the current rule.
If the Test Fails:
You need to confirm:
- Whether the account ID is correct;
- Whether the bucket exists;
- Whether the region is consistent.
Regarding Overseas Sites: The account IDs for overseas sites differ from those in China. Please distinguish them accordingly:
| Site | ID |
|---|---|
| Hong Kong | 588271335135 |
| Oregon | 521643107266 |
| Singapore | 521643107266 |
| Frankfurt | 521643107266 |