Linking AWS Accounts

How to link your AWS accounts with Scanner

Linking your AWS account involves setting up resources that allow Scanner to read your log files, index them, store the index files, and read those index files when you make a query.

AWS resources required

  • A new S3 bucket to store Scanner index files.

  • A new IAM role with these permissions:

    • Read access to S3 buckets containing your logs.

    • Read/write access to the new Scanner index files bucket.

  • A new or existing SNS topic to send s3:ObjectCreated notifications from your S3 log files buckets to the Scanner instance.
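The IAM scoping described in the list above can be checked mechanically before a role is attached. The following is an added example, not Scanner's own template: the action sets, the bucket names, and the helper names `build_policy` and `audit_policy` are assumptions made for illustration, and the SNS topic is not covered.

```python
import fnmatch

# Assumed S3 action sets for this example; the templates Scanner ships may differ.
READ_ACTIONS = {"s3:GetObject", "s3:ListBucket", "s3:GetBucketLocation"}
WRITE_ACTIONS = {"s3:PutObject", "s3:DeleteObject"}

def build_policy(log_buckets, index_bucket):
    """Identity policy: read-only on log buckets, read/write on the index bucket."""
    def arns(bucket):
        return [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"]
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "ReadLogs", "Effect": "Allow",
             "Action": sorted(READ_ACTIONS),
             "Resource": [a for b in log_buckets for a in arns(b)]},
            {"Sid": "ReadWriteIndex", "Effect": "Allow",
             "Action": sorted(READ_ACTIONS | WRITE_ACTIONS),
             "Resource": arns(index_bucket)},
        ],
    }

def audit_policy(policy, log_buckets, index_bucket):
    """Return findings where an Allow statement exceeds the scope in the list above."""
    findings = []
    allowed = {index_bucket, *log_buckets}
    for st in policy["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        actions = st.get("Action", [])
        actions = actions if isinstance(actions, list) else [actions]
        resources = st.get("Resource", [])
        resources = resources if isinstance(resources, list) else [resources]
        # Policy actions may contain wildcards ("s3:*", "s3:Put*"), so match as patterns.
        grants_write = any(fnmatch.fnmatchcase(w.lower(), a.lower())
                           for a in actions for w in WRITE_ACTIONS)
        for res in resources:
            bucket = res.removeprefix("arn:aws:s3:::").split("/", 1)[0]
            if "*" in bucket or bucket not in allowed:
                findings.append(f"{st.get('Sid')}: resource outside expected buckets: {res}")
            elif grants_write and bucket != index_bucket:
                findings.append(f"{st.get('Sid')}: write access to log bucket: {res}")
    return findings

if __name__ == "__main__":
    # Constructed bucket names, for illustration only.
    logs, index = ["example-logs-a", "example-logs-b"], "example-scanner-index"
    print(audit_policy(build_policy(logs, index), logs, index))
```
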

Setting up the resources

You can use AWS CloudShell, CloudFormation, Terraform, or Pulumi to set up the resources in your AWS account. Commands and templates are provided in the following pages.

We recommend CloudShell as the easiest way to get started quickly. Teams usually transition to infrastructure-as-code tools like CloudFormation, Terraform, or Pulumi as their infrastructure decisions stabilize.
