Skip to content

Forwarding Data to AWS S3

Configuration

  1. Select AWS S3 as the archive type to save the matched log data to this object storage.
  2. Choose the access type.
  3. Click Confirm to successfully create the configuration.
Note

If the archive type information changes, ensure that the associated platform configuration is updated accordingly to avoid data write failures due to configuration changes. The new configuration rules will take effect within 5 minutes.

Access Type

Role Authorization

  1. Use the external ID generated by TrueWatch by default to configure third-party access rights for AWS resources.

  2. After configuring the TrueWatch IAM role in AWS, fill in the archive information, including the AWS account ID, AWS role name, region, and bucket name.

  3. Enter the storage path to facilitate further differentiation and location of the forwarded data.

  4. Click Test Connection. If the above information meets the specifications, a successful connection test will be prompted. Click Confirm to save the current rule.

Folder Naming Convention

  1. Create a single folder or multi-level folders, using a slash (/) to indicate multi-level folders.
  2. Folder names must not start or end with a slash (/).
  3. Two or more adjacent slashes (/) are not allowed.
  4. Applies to all access types.
Note
  • If the entered folder does not exist, TrueWatch will create it directly, and the data will still be stored in that path.
  • Be cautious when changing the storage path. Due to a delay of about 5 minutes in updating the configuration, some data may still be forwarded to the original directory after the change.
If the test fails:

You need to confirm:

  • Whether the external ID is invalid.
  • Whether the account ID is correct.
  • Whether the account role exists.
  • Whether the bucket exists.
  • Whether the region is inconsistent.

Proceed with caution in the following situations:

  • If you click to regenerate the external ID, the historical ID will expire after 24 hours. Please replace it in the AWS console as soon as possible.
  • Do not click to generate the external ID multiple times. Proceed with caution!

Access Keys

  1. Click to download the AWS resource authorization template and configure the TrueWatch IAM policy in AWS.
  2. After configuration, fill in the account information, including AWS AK & SK, region, and bucket name.
  3. Enter the storage path to facilitate further differentiation and location of the forwarded data.
  4. Click Test Connection. If the above information meets the specifications, a successful connection test will be prompted.
If the test fails:

You need to confirm:

  • Whether the account ID is correct.
  • Whether the AK / SK exists.
  • Whether the bucket exists.
  • Whether the region is inconsistent.

Account Authorization

  1. AWS provides cross-account authorization capabilities. You need to use the TrueWatch exclusive account ID and follow the configuration instructions to add a cross-account access authorization policy.

  2. After configuration, select the region and enter the bucket name.

  3. Enter the storage path to facilitate further differentiation and location of the forwarded data.
  4. Click Test Connection. If the above information meets the specifications, a successful connection test will be prompted. Click Confirm to save the current rule.
If the test fails:

You need to confirm:

  • Whether the account ID is correct.
  • Whether the bucket exists.
  • Whether the region is inconsistent.

Regarding International Sites: The account ID for international sites is different from that of the China region. Please distinguish accordingly:

Site ID
Hong Kong, China 588271335135
Oregon 521643107266
Singapore 521643107266
Frankfurt 521643107266