Fred Damstra [afs macbook] 56aad1d5b3 Combines the S3 Bucket for portal-shared-artifacts with the codebuild project 3 years ago
..
README.md 2a9f97b0b7 Adds a codebuild module for the documentation from content_source 3 years ago
constants.tf 7a08ba10cf Migrated most variables out of xdr-terraform-live and into xdr-terraform-modules 3 years ago
globals.tf 7a08ba10cf Migrated most variables out of xdr-terraform-live and into xdr-terraform-modules 3 years ago
iam.tf 7a08ba10cf Migrated most variables out of xdr-terraform-live and into xdr-terraform-modules 3 years ago
kms.tf 7a08ba10cf Migrated most variables out of xdr-terraform-live and into xdr-terraform-modules 3 years ago
locals.tf baa1f43824 Applied `terraform fmt` to all modules 3 years ago
outputs.tf 56aad1d5b3 Combines the S3 Bucket for portal-shared-artifacts with the codebuild project 3 years ago
s3.tf 7a08ba10cf Migrated most variables out of xdr-terraform-live and into xdr-terraform-modules 3 years ago
vars.tf 7a08ba10cf Migrated most variables out of xdr-terraform-live and into xdr-terraform-modules 3 years ago

README.md

Creates an S3 bucket, a KMS key, and a role that can be assumed to access them.

Full Bucket and Role Names

The bucket and roles will be prefixed with "xdr-{environment}-". If the splunk_prefix is required, it will need to be passed in as part of the name.

Important Note about Lifecycles

Versioning is enabled in the bucket. The current version and the previous version are always kept. Older versions are expired after 90 days.

All items transition to Intelligent-Tiering after 30 days.

Testing

For testing, the instance must assume the role first. To do this from the command line:

aws --region us-gov-east-1 sts assume-role --role-session-name ftd_testing --role-arn [ARN]
# Output will contain AccessKeyId, SecretAccessKey, and SessionToken
AWS_ACCESS_KEY_ID=[REPLACE] AWS_SECRET_ACCESS_KEY=[REPLACE] AWS_SESSION_TOKEN=[REPLACE] aws --region us-gov-east-1 s3 ls

NOTE: You cannot generate a correct presigned URL with older versions of the AWS CLI, such as the one presently (2022-04-19) installed on the portal boxes. You will get the error:

<Error>
  <Code>InvalidRequest</Code>
  <Message>The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256.</Message>
  <RequestId>VJF9V2CAQR1XZER6</RequestId>
  <HostId>bJ/waruDGO4FC2VQoTRRtwGnehzOScUpu8JbXnCQ7L8vVULm9RGLF8EqAXjSAViM+HdXXDI4rqM=</HostId>
</Error>

Newer boto3 requests will use signature version 4, which works correctly.