AWS S3

AWS S3 v3.0.2

Home FortiSOAR Connectors AWS S3

3.0.2

AWS S3 v3.0.2

About the connector

To provide automation for AWS S3 operations, like creation and modification of S3 buckets and related contents.

This document provides information about the AWS S3 Connector, which facilitates automated interactions, with a AWS S3 server using FortiSOAR™ playbooks. Add the AWS S3 Connector as a step in FortiSOAR™ playbooks and perform automated operations with AWS S3.

Version information

Connector Version: 3.0.2

FortiSOAR™ Version Tested on: 7.5.0-4015

AWS S3 Version Tested on: 2006-03-01

Authored By: Fortinet

Certified: Yes

Release Notes for version 3.0.2

Following enhancements have been made to the AWS S3 Connector in version 3.0.2:

Updated the version for boto3 library
Updated the output schema for the following actions:
- Delete Bucket
- Modify Bucket
- List Objects
- List Buckets
- Get Object
- Create New Bucket

Installing the connector

Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.

You can also use the yum command as a root user to install the connector:

yum install cyops-connector-awss3

Prerequisites to configuring the connector

You must know your account's AWS region that to access AWS services, the configuration type, and either the IAM Role or access credentials to connect to AWS.
- If you choose access credentials, you need the AWS access key ID and the AWS secret access key to access AWS services.
- If you choose IAM Role, you need the IAM role to access AWS S3 services.
To create an AWS access key ID and the secret access key, you need to have Root User Access on AWS S3.
To configure this connector using the IAM Role:
- Your FortiSOAR™ machine must be on AWS
- The user assigned to the IAM Role should have full access to execute FortiSOAR™ actions
To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.

Minimum Permissions Required

Not applicable

Configuring the connector

For the procedure to configure a connector, click here

Configuration parameters

In FortiSOAR™, on the Connectors page, click the AWS S3 connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:

Parameter	Description
Region	AWS region of your account to access the AWS S3 services.
Configuration Type	AWS configuration type that determines the authentication mechanism to provide credentials and access AWS S3. You can choose from following options: IAM Role: Specify the IAM Role of your AWS instance to access AWS services, in the AWS Instance IAM Role field. Access Credentials: Select this option if you have the access and secret keys to access AWS services. Once selected, specify values in the following fields: Access Key: Specify the AWS access key to access AWS services. Secret Key: Specify the AWS secret key to access AWS services.
Verify SSL	Specifies whether the SSL certificate for the server is to be verified. By default, this option is selected, i.e., set to `True`.

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations:

Function	Description	Annotation and Category
Create New Bucket	Creates a new S3 Bucket in AWS based on the bucket name you have specified.	create_bucket Investigation
Download File	Downloads an S3 object or file from AWS S3 and adds the object or file in the FortiSOAR "Attachment" module.	download_file Miscellaneous
List Buckets	Retrieves a list of all available S3 buckets from AWS.	list_buckets Miscellaneous
Get Bucket Policy	Retrieves the policy of the bucket based on the bucket name you have specified.	get_bucket_policy Investigation
List Objects	Retrieves an inventory of objects in a specific bucket from AWS S3 based on the bucket name and other input parameters you have specified.	list_objects Investigation
Get Object	Retrieves details of a specific object and optionally download associated metadata of the file from a specific bucket from AWS S3 based on the bucket name, object key, and other input parameters you have specified.	get_object_details Miscellaneous
Modify Bucket	Modifies an existing S3 bucket on AWS based on the bucket name and other input parameters you have specified.	modify_bucket Miscellaneous
Modify Object	Modifies an existing object in AWS S3 based on the bucket name, object key, and other input parameters you have specified.	modify_object Miscellaneous
Create Bucket Policy	Creates (a new policy) and applies that bucket policy to an Amazon S3 bucket based on the bucket name and policy arguments you have specified.	put_bucket_policy Miscellaneous
Replace Bucket Policy	Replaces (an existing policy) and applies that bucket policy to an Amazon S3 bucket based on the bucket name and policy arguments you have specified.	put_bucket_policy Miscellaneous
Upload File into Bucket	Uploads a file from the FortiSOAR "Attachment" module to the AWS S3 bucket.	file_upload Miscellaneous
Delete Tag	Deletes tags from the specified bucket and/or object on AWS S3.	delete_tag Remediation
Delete Bucket	Deletes the specified bucket from AWS S3. Important: All objects (including all object versions and Delete Markers) in the bucket must be deleted before the bucket itself can be deleted.	delete_bucket Remediation
Delete Bucket Object	Deletes a specific object from a specific AWS S3 bucket.	delete_object Remediation

operation: Create New Bucket

Input parameters

Parameter	Description
Bucket Name	Name of the new bucket that you want to create in AWS S3.
ACL Permission	(Optional) Canned ACL permissions that you want to apply to the bucket that you are creating in AWS S3. You can choose from the following options: Private, Public Read, Public Read Write, Authenticated Read.

Output

The output contains the following populated JSON schema:

{
    "Location": "",
    "ResponseMetadata": {
        "RequestId": "",
        "RetryAttempts": "",
        "HostId": "",
        "HTTPHeaders": {
            "x-amz-request-id": "",
            "content-length": "",
            "date": "",
            "x-amz-id-2": "",
            "location": "",
            "server": ""
        },
        "HTTPStatusCode": ""
    }
}

operation: Download File

Input parameters

Parameter	Description
Download Option	Select the option, either From Bucket or From URL, from where you want to download the file or object from AWS S3. If you choose 'From Bucket' Bucket Name: Name of the bucket from which you want to download the object from AWS S3. Object Key: Key of the object that you want to download from AWS S3. If you choose 'From URL' Download File URL: URL of the file that you want to download from AWS S3. Filename for Attachment: Provide filename to override the default filename

Parameter

Description

Download Option

Select the option, either From Bucket or From URL, from where you want to download the file or object from AWS S3.
If you choose 'From Bucket'

Bucket Name: Name of the bucket from which you want to download the object from AWS S3.
Object Key: Key of the object that you want to download from AWS S3.

If you choose 'From URL'

Download File URL: URL of the file that you want to download from AWS S3.
Filename for Attachment: Provide filename to override the default filename

Output

The output contains the following populated JSON schema:

{
    "createUser": {
        "createUser": "",
        "id": "",
        "@type": "",
        "name": "",
        "@id": "",
        "userId": "",
        "userType": "",
        "createDate": "",
        "avatar": "",
        "modifyUser": "",
        "@settings": "",
        "modifyDate": ""
    },
    "id": "",
    "@type": "",
    "type": "",
    "modifyUser": {
        "createUser": "",
        "id": "",
        "@type": "",
        "name": "",
        "@id": "",
        "userId": "",
        "userType": "",
        "createDate": "",
        "avatar": "",
        "modifyUser": "",
        "@settings": "",
        "modifyDate": ""
    },
    "file": {
        "uploadDate": "",
        "owners": [],
        "@context": "",
        "mimeType": "",
        "@type": "",
        "filename": "",
        "@id": "",
        "file": {
            "@type": ""
        },
        "size": "",
        "metadata": ""
    },
    "@context": "",
    "description": "",
    "createDate": "",
    "name": "",
    "@id": "",
    "modifyDate": ""
}

operation: List Buckets

Input parameters

None.

Output

The output contains the following populated JSON schema:

{
    "Owner": {
        "ID": "",
        "DisplayName": ""
    },
    "Buckets": [
        {
            "Name": "",
            "CreationDate": ""
        }
    ],
    "ResponseMetadata": {
        "HostId": "",
        "RequestId": "",
        "HTTPHeaders": {
            "date": "",
            "server": "",
            "x-amz-id-2": "",
            "content-type": "",
            "x-amz-request-id": "",
            "transfer-encoding": ""
        },
        "RetryAttempts": "",
        "HTTPStatusCode": ""
    }
}

operation: Get Bucket Policy

Input parameters

Parameter	Description
Bucket Name	Name of the bucket whose policy contents you want to retrieve from AWS S3.

Output

The output contains the following populated JSON schema:

{
    "ResponseMetadata": {
        "HTTPHeaders": {
            "server": "",
            "x-amz-id-2": "",
            "content-type": "",
            "date": "",
            "content-length": "",
            "x-amz-request-id": ""
        },
        "HostId": "",
        "RetryAttempts": "",
        "RequestId": "",
        "HTTPStatusCode": ""
    },
    "Policy": {
        "Version": "",
        "Statement": [
            {
                "Action": "",
                "Effect": "",
                "Resource": "",
                "Principal": {
                    "AWS": ""
                },
                "Sid": ""
            }
        ],
        "Id": ""
    }
}

operation: List Objects

Input parameters

Parameter	Description
Bucket Name	Name of the bucket whose objects you want to retrieve from AWS S3.
Starting Key	(Optional) Specify the starting key for retrieving the objects from AWS S3, i.e., if you specify the starting key, then only objects with keys after the specified key will be fetched.
Page Size	(Optional) Number of objects to be fetched from AWS S3 in a single page. By default, this is set to 1000.

Output

The output contains the following populated JSON schema:

{
    "Name": "",
    "Prefix": "",
    "MaxKeys": "",
    "Contents": [
        {
            "Key": "",
            "ETag": "",
            "Size": "",
            "Owner": {
                "ID": "",
                "DisplayName": ""
            },
            "LastModified": "",
            "StorageClass": ""
        }
    ],
    "KeyCount": "",
    "IsTruncated": "",
    "EncodingType": "",
    "ResponseMetadata": {
        "HostId": "",
        "RequestId": "",
        "HTTPHeaders": {
            "date": "",
            "server": "",
            "x-amz-id-2": "",
            "content-type": "",
            "x-amz-request-id": "",
            "transfer-encoding": "",
            "x-amz-bucket-region": ""
        },
        "RetryAttempts": "",
        "HTTPStatusCode": ""
    }
}

operation: Get Object

Input parameters

Parameter	Description
Bucket Name	Name of the bucket whose object details you want to retrieve from AWS S3.
Object Key	Key of the object whose object details you want to retrieve from AWS S3.

Output

The output contains the following populated JSON schema:

{
    "error": "",
    "response": {
        "acl": {
            "Owner": {
                "ID": "",
                "DisplayName": ""
            },
            "Grants": [
                {
                    "Grantee": {
                        "ID": "",
                        "Type": "",
                        "DisplayName": ""
                    },
                    "Permission": ""
                }
            ],
            "ResponseMetadata": {
                "HostId": "",
                "RequestId": "",
                "HTTPHeaders": {
                    "date": "",
                    "server": "",
                    "x-amz-id-2": "",
                    "content-type": "",
                    "x-amz-request-id": "",
                    "transfer-encoding": ""
                },
                "RetryAttempts": "",
                "HTTPStatusCode": ""
            }
        },
        "tags": {
            "TagSet": [],
            "ResponseMetadata": {
                "HostId": "",
                "RequestId": "",
                "HTTPHeaders": {
                    "date": "",
                    "server": "",
                    "x-amz-id-2": "",
                    "x-amz-request-id": "",
                    "transfer-encoding": ""
                },
                "RetryAttempts": "",
                "HTTPStatusCode": ""
            }
        }
    }
}

operation: Modify Bucket

Input parameters

Parameter	Description
Bucket Name	Name of the bucket that you want to modify in AWS S3.
Tags	(Optional) Tags that you want to add to the specified bucket. You can add multiple tags using the semicolon separator. For example, key1:value1;key2:value2...
Encryption	(Optional) Select the default encryption scheme for items in this bucket. You can choose from the following options: None, AES256, or KMS. If you choose 'KMS' KMS Key: KMS key to be used if kms encryption is selected
Grants	(Optional) Specify the JSON object that contains users, and permissions to be granted to them. For example, [{"Grantee": {"ID": "2909146a9af35041b07ec330373208c3819e024e7f7074b60be9a36ba8884d5d", "Type": "CanonicalUser"}, "Permission": "FULL_CONTROL"}]

Output

The output contains the following populated JSON schema:

{
    "tags": {
      "error": "",
      "result": {
        "ResponseMetadata": {
          "HostId": "",
          "RequestId": "",
          "HTTPHeaders": {
            "date": "",
            "server": "",
            "x-amz-id-2": "",
            "x-amz-request-id": ""
          },
          "RetryAttempts": "",
          "HTTPStatusCode": ""
        }
      }
    },
    "encryption": {
      "error": "",
      "result": {
        "ResponseMetadata": {
          "HostId": "",
          "RequestId": "",
          "HTTPHeaders": {
            "date": "",
            "server": "",
            "x-amz-id-2": "",
            "content-length": "",
            "x-amz-request-id": ""
          },
          "RetryAttempts": "",
          "HTTPStatusCode": ""
        }
      }
    }
}

operation: Modify Object

Input parameters

Parameter	Description
Bucket Name	Name of the bucket that contains the object that you want to modify in AWS S3.
Object Key	Key of the object that you want to modify in AWS S3.
Tags	(Optional) Tags that you want to add to the specified object. You can add multiple tags using the semicolon separator. For example, key1:value1;key2:value2...
Grants	(Optional) Specify the JSON object that contains users, and permissions to be granted to them. For example, [{"Grantee": {"ID": "2909146a9af35041b07ec330373208c3819e024e7f7074b60be9a36ba8884d5d", "Type": "CanonicalUser"}, "Permission": "FULL_CONTROL"}]

Output

The output contains the following populated JSON schema:

{
    "error": "",
    "result": {}
}

operation: Create Bucket Policy

Input parameters

Parameter	Description
Bucket Name	Name of the bucket to which you want to apply the specified policy in AWS S3.
Policy Arguments	Policy arguments, in the JSON format, for the policy that you want to create for the specified bucket. Use the following link to generate the policy payload: https://awspolicygen.s3.amazonaws.com/policygen.html For example: "{\"Id\": \"Policy1587973025262\", \"Version\": \"2012-10-17\", \"Statement\": [{\"Sid\": \"Stmt1587972287815\", \"Action\": \"s3:\",\"Effect\": \"Allow\",\"Resource\": \"arn:aws:s3:::bucket_name\", \"Principal\": \"\"}]}"

Parameter

Description

Bucket Name

Name of the bucket to which you want to apply the specified policy in AWS S3.

Policy Arguments

Policy arguments, in the JSON format, for the policy that you want to create for the specified bucket. Use the following link to generate the policy payload: https://awspolicygen.s3.amazonaws.com/policygen.html For example: "{\"Id\": \"Policy1587973025262\", \"Version\": \"2012-10-17\", \"Statement\": [{\"Sid\": \"Stmt1587972287815\", \"Action\": \"s3:*\",\"Effect\": \"Allow\",\"Resource\": \"arn:aws:s3:::bucket_name\", \"Principal\": \"*\"}]}"

Output

The output contains the following populated JSON schema:

{
    "ResponseMetadata": {
        "RetryAttempts": "",
        "HTTPHeaders": {
            "content-type": "",
            "x-amz-id-2": "",
            "transfer-encoding": "",
            "server": "",
            "x-amz-request-id": "",
            "date": ""
        },
        "HostId": "",
        "RequestId": "",
        "HTTPStatusCode": ""
    }
}

operation: Replace Bucket Policy

Input parameters

Parameter	Description
Bucket Name	Name of the bucket to which you want to apply the specified (updated) policy in AWS S3.
Policy Arguments	Policy arguments, in the JSON format, for the policy that you want to replace in the specified bucket. Use the following link to generate the policy payload: https://awspolicygen.s3.amazonaws.com/policygen.html

Output

The output contains the following populated JSON schema:

{
    "ResponseMetadata": {
        "RetryAttempts": "",
        "HTTPHeaders": {
            "content-type": "",
            "x-amz-id-2": "",
            "transfer-encoding": "",
            "server": "",
            "x-amz-request-id": "",
            "date": ""
        },
        "HostId": "",
        "RequestId": "",
        "HTTPStatusCode": ""
    }
}

operation: Upload File into Bucket

Input parameters

Parameter	Description
Bucket Name	Name of the AWS S3 bucket into which you want to upload the file from the FortiSOAR "Attachment" module.
File ID(IRI)	ID or IRI value of the file that you want to upload to the specified AWS S3 bucket. In the playbook, the file ID or IRI is used to access the file from the FortiSOAR "Attachment" module.
Key for Object	Unique key for the newly uploaded object. Note: This key is used to access this file.

Output

The output contains the following populated JSON schema:

{
    "error": "",
    "result": {}
}

operation: Delete Tag

Input parameters

Parameter	Description
Select Tag From	Select bucket or bucket object for delete tag If you choose 'Bucket' Bucket Name: Name of the AWS S3 bucket from which you want to delete the specified tag Bucket Tags: Tags that you want to delete from the specified bucket on AWS S3. You can add multiple tags key using the comma separator. For example, key1,key2,key3... If you choose 'Bucket Object' Bucket Name: Name of the AWS S3 bucket that contains the target object. Object Key: Key of the object from which you want to delete the specified tags. Object Tags: Tags that you want to delete from the specified bucket on AWS S3. You can add multiple tags key using the comma separator. For example, key1,key2,key3...

Parameter

Description

Select Tag From

Select bucket or bucket object for delete tag
If you choose 'Bucket'

Bucket Name: Name of the AWS S3 bucket from which you want to delete the specified tag
Bucket Tags: Tags that you want to delete from the specified bucket on AWS S3. You can add multiple tags key using the comma separator. For example, key1,key2,key3...

If you choose 'Bucket Object'

Bucket Name: Name of the AWS S3 bucket that contains the target object.
Object Key: Key of the object from which you want to delete the specified tags.
Object Tags: Tags that you want to delete from the specified bucket on AWS S3. You can add multiple tags key using the comma separator. For example, key1,key2,key3...

Output

The output contains a non-dictionary value.

operation: Delete Bucket

Input parameters

Parameter	Description
Bucket Name	Name of the bucket that you want to delete from AWS S3.

Output

The output contains the following populated JSON schema:

{
    "error": "",
    "result": {
        "ResponseMetadata": {
            "HostId": "",
            "RequestId": "",
            "HTTPHeaders": {
                "date": "",
                "server": "",
                "x-amz-id-2": "",
                "x-amz-request-id": ""
            },
            "RetryAttempts": "",
            "HTTPStatusCode": ""
        }
    }
}

operation: Delete Bucket Object

Input parameters

Parameter	Description
Bucket Name	Name of the bucket that contains the object that you want to delete from AWS S3.
Object Key	Key of the object that you want to delete from AWS S3.

Output

The output contains the following populated JSON schema:

{
    "error": "",
    "result": {}
}

Included playbooks

The Sample - awss3 - 3.0.2 playbook collection comes bundled with the AWS S3 connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the AWS S3 connector.

Create Bucket Policy
Create New Bucket
Delete Bucket
Delete Bucket Object
Delete Tag
Download File
Get Bucket Policy
Get Object
List Buckets
List Objects
Modify Bucket
Modify Object
Replace Bucket Policy
Upload File into Bucket

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.

About the connector

To provide automation for AWS S3 operations, like creation and modification of S3 buckets and related contents.

Version information

Connector Version: 3.0.2

FortiSOAR™ Version Tested on: 7.5.0-4015

AWS S3 Version Tested on: 2006-03-01

Authored By: Fortinet

Certified: Yes

Release Notes for version 3.0.2

Following enhancements have been made to the AWS S3 Connector in version 3.0.2:

Updated the version for boto3 library
Updated the output schema for the following actions:
- Delete Bucket
- Modify Bucket
- List Objects
- List Buckets
- Get Object
- Create New Bucket

Installing the connector

Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.

You can also use the yum command as a root user to install the connector:

yum install cyops-connector-awss3

Prerequisites to configuring the connector

You must know your account's AWS region that to access AWS services, the configuration type, and either the IAM Role or access credentials to connect to AWS.
- If you choose access credentials, you need the AWS access key ID and the AWS secret access key to access AWS services.
- If you choose IAM Role, you need the IAM role to access AWS S3 services.
To create an AWS access key ID and the secret access key, you need to have Root User Access on AWS S3.
To configure this connector using the IAM Role:
- Your FortiSOAR™ machine must be on AWS
- The user assigned to the IAM Role should have full access to execute FortiSOAR™ actions
To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.

Minimum Permissions Required

Not applicable

Configuring the connector

For the procedure to configure a connector, click here

Configuration parameters

Parameter	Description
Region	AWS region of your account to access the AWS S3 services.
Configuration Type	AWS configuration type that determines the authentication mechanism to provide credentials and access AWS S3. You can choose from following options: IAM Role: Specify the IAM Role of your AWS instance to access AWS services, in the AWS Instance IAM Role field. Access Credentials: Select this option if you have the access and secret keys to access AWS services. Once selected, specify values in the following fields: Access Key: Specify the AWS access key to access AWS services. Secret Key: Specify the AWS secret key to access AWS services.
Verify SSL	Specifies whether the SSL certificate for the server is to be verified. By default, this option is selected, i.e., set to `True`.

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations:

Function	Description	Annotation and Category
Create New Bucket	Creates a new S3 Bucket in AWS based on the bucket name you have specified.	create_bucket Investigation
Download File	Downloads an S3 object or file from AWS S3 and adds the object or file in the FortiSOAR "Attachment" module.	download_file Miscellaneous
List Buckets	Retrieves a list of all available S3 buckets from AWS.	list_buckets Miscellaneous
Get Bucket Policy	Retrieves the policy of the bucket based on the bucket name you have specified.	get_bucket_policy Investigation
List Objects	Retrieves an inventory of objects in a specific bucket from AWS S3 based on the bucket name and other input parameters you have specified.	list_objects Investigation
Get Object	Retrieves details of a specific object and optionally download associated metadata of the file from a specific bucket from AWS S3 based on the bucket name, object key, and other input parameters you have specified.	get_object_details Miscellaneous
Modify Bucket	Modifies an existing S3 bucket on AWS based on the bucket name and other input parameters you have specified.	modify_bucket Miscellaneous
Modify Object	Modifies an existing object in AWS S3 based on the bucket name, object key, and other input parameters you have specified.	modify_object Miscellaneous
Create Bucket Policy	Creates (a new policy) and applies that bucket policy to an Amazon S3 bucket based on the bucket name and policy arguments you have specified.	put_bucket_policy Miscellaneous
Replace Bucket Policy	Replaces (an existing policy) and applies that bucket policy to an Amazon S3 bucket based on the bucket name and policy arguments you have specified.	put_bucket_policy Miscellaneous
Upload File into Bucket	Uploads a file from the FortiSOAR "Attachment" module to the AWS S3 bucket.	file_upload Miscellaneous
Delete Tag	Deletes tags from the specified bucket and/or object on AWS S3.	delete_tag Remediation
Delete Bucket	Deletes the specified bucket from AWS S3. Important: All objects (including all object versions and Delete Markers) in the bucket must be deleted before the bucket itself can be deleted.	delete_bucket Remediation
Delete Bucket Object	Deletes a specific object from a specific AWS S3 bucket.	delete_object Remediation

operation: Create New Bucket

Input parameters

Parameter	Description
Bucket Name	Name of the new bucket that you want to create in AWS S3.
ACL Permission	(Optional) Canned ACL permissions that you want to apply to the bucket that you are creating in AWS S3. You can choose from the following options: Private, Public Read, Public Read Write, Authenticated Read.

Output

The output contains the following populated JSON schema:

{
    "Location": "",
    "ResponseMetadata": {
        "RequestId": "",
        "RetryAttempts": "",
        "HostId": "",
        "HTTPHeaders": {
            "x-amz-request-id": "",
            "content-length": "",
            "date": "",
            "x-amz-id-2": "",
            "location": "",
            "server": ""
        },
        "HTTPStatusCode": ""
    }
}

operation: Download File

Input parameters

Parameter	Description
Download Option	Select the option, either From Bucket or From URL, from where you want to download the file or object from AWS S3. If you choose 'From Bucket' Bucket Name: Name of the bucket from which you want to download the object from AWS S3. Object Key: Key of the object that you want to download from AWS S3. If you choose 'From URL' Download File URL: URL of the file that you want to download from AWS S3. Filename for Attachment: Provide filename to override the default filename

Parameter

Description

Download Option

Select the option, either From Bucket or From URL, from where you want to download the file or object from AWS S3.
If you choose 'From Bucket'

Bucket Name: Name of the bucket from which you want to download the object from AWS S3.
Object Key: Key of the object that you want to download from AWS S3.

If you choose 'From URL'

Download File URL: URL of the file that you want to download from AWS S3.
Filename for Attachment: Provide filename to override the default filename

Output

The output contains the following populated JSON schema:

{
    "createUser": {
        "createUser": "",
        "id": "",
        "@type": "",
        "name": "",
        "@id": "",
        "userId": "",
        "userType": "",
        "createDate": "",
        "avatar": "",
        "modifyUser": "",
        "@settings": "",
        "modifyDate": ""
    },
    "id": "",
    "@type": "",
    "type": "",
    "modifyUser": {
        "createUser": "",
        "id": "",
        "@type": "",
        "name": "",
        "@id": "",
        "userId": "",
        "userType": "",
        "createDate": "",
        "avatar": "",
        "modifyUser": "",
        "@settings": "",
        "modifyDate": ""
    },
    "file": {
        "uploadDate": "",
        "owners": [],
        "@context": "",
        "mimeType": "",
        "@type": "",
        "filename": "",
        "@id": "",
        "file": {
            "@type": ""
        },
        "size": "",
        "metadata": ""
    },
    "@context": "",
    "description": "",
    "createDate": "",
    "name": "",
    "@id": "",
    "modifyDate": ""
}

operation: List Buckets

Input parameters

None.

Output

The output contains the following populated JSON schema:

{
    "Owner": {
        "ID": "",
        "DisplayName": ""
    },
    "Buckets": [
        {
            "Name": "",
            "CreationDate": ""
        }
    ],
    "ResponseMetadata": {
        "HostId": "",
        "RequestId": "",
        "HTTPHeaders": {
            "date": "",
            "server": "",
            "x-amz-id-2": "",
            "content-type": "",
            "x-amz-request-id": "",
            "transfer-encoding": ""
        },
        "RetryAttempts": "",
        "HTTPStatusCode": ""
    }
}

operation: Get Bucket Policy

Input parameters

Parameter	Description
Bucket Name	Name of the bucket whose policy contents you want to retrieve from AWS S3.

Output

The output contains the following populated JSON schema:

{
    "ResponseMetadata": {
        "HTTPHeaders": {
            "server": "",
            "x-amz-id-2": "",
            "content-type": "",
            "date": "",
            "content-length": "",
            "x-amz-request-id": ""
        },
        "HostId": "",
        "RetryAttempts": "",
        "RequestId": "",
        "HTTPStatusCode": ""
    },
    "Policy": {
        "Version": "",
        "Statement": [
            {
                "Action": "",
                "Effect": "",
                "Resource": "",
                "Principal": {
                    "AWS": ""
                },
                "Sid": ""
            }
        ],
        "Id": ""
    }
}

operation: List Objects

Input parameters

Parameter	Description
Bucket Name	Name of the bucket whose objects you want to retrieve from AWS S3.
Starting Key	(Optional) Specify the starting key for retrieving the objects from AWS S3, i.e., if you specify the starting key, then only objects with keys after the specified key will be fetched.
Page Size	(Optional) Number of objects to be fetched from AWS S3 in a single page. By default, this is set to 1000.

Output

The output contains the following populated JSON schema:

{
    "Name": "",
    "Prefix": "",
    "MaxKeys": "",
    "Contents": [
        {
            "Key": "",
            "ETag": "",
            "Size": "",
            "Owner": {
                "ID": "",
                "DisplayName": ""
            },
            "LastModified": "",
            "StorageClass": ""
        }
    ],
    "KeyCount": "",
    "IsTruncated": "",
    "EncodingType": "",
    "ResponseMetadata": {
        "HostId": "",
        "RequestId": "",
        "HTTPHeaders": {
            "date": "",
            "server": "",
            "x-amz-id-2": "",
            "content-type": "",
            "x-amz-request-id": "",
            "transfer-encoding": "",
            "x-amz-bucket-region": ""
        },
        "RetryAttempts": "",
        "HTTPStatusCode": ""
    }
}

operation: Get Object

Input parameters

Parameter	Description
Bucket Name	Name of the bucket whose object details you want to retrieve from AWS S3.
Object Key	Key of the object whose object details you want to retrieve from AWS S3.

Output

The output contains the following populated JSON schema:

{
    "error": "",
    "response": {
        "acl": {
            "Owner": {
                "ID": "",
                "DisplayName": ""
            },
            "Grants": [
                {
                    "Grantee": {
                        "ID": "",
                        "Type": "",
                        "DisplayName": ""
                    },
                    "Permission": ""
                }
            ],
            "ResponseMetadata": {
                "HostId": "",
                "RequestId": "",
                "HTTPHeaders": {
                    "date": "",
                    "server": "",
                    "x-amz-id-2": "",
                    "content-type": "",
                    "x-amz-request-id": "",
                    "transfer-encoding": ""
                },
                "RetryAttempts": "",
                "HTTPStatusCode": ""
            }
        },
        "tags": {
            "TagSet": [],
            "ResponseMetadata": {
                "HostId": "",
                "RequestId": "",
                "HTTPHeaders": {
                    "date": "",
                    "server": "",
                    "x-amz-id-2": "",
                    "x-amz-request-id": "",
                    "transfer-encoding": ""
                },
                "RetryAttempts": "",
                "HTTPStatusCode": ""
            }
        }
    }
}

operation: Modify Bucket

Input parameters

Parameter	Description
Bucket Name	Name of the bucket that you want to modify in AWS S3.
Tags	(Optional) Tags that you want to add to the specified bucket. You can add multiple tags using the semicolon separator. For example, key1:value1;key2:value2...
Encryption	(Optional) Select the default encryption scheme for items in this bucket. You can choose from the following options: None, AES256, or KMS. If you choose 'KMS' KMS Key: KMS key to be used if kms encryption is selected
Grants	(Optional) Specify the JSON object that contains users, and permissions to be granted to them. For example, [{"Grantee": {"ID": "2909146a9af35041b07ec330373208c3819e024e7f7074b60be9a36ba8884d5d", "Type": "CanonicalUser"}, "Permission": "FULL_CONTROL"}]

Output

The output contains the following populated JSON schema:

{
    "tags": {
      "error": "",
      "result": {
        "ResponseMetadata": {
          "HostId": "",
          "RequestId": "",
          "HTTPHeaders": {
            "date": "",
            "server": "",
            "x-amz-id-2": "",
            "x-amz-request-id": ""
          },
          "RetryAttempts": "",
          "HTTPStatusCode": ""
        }
      }
    },
    "encryption": {
      "error": "",
      "result": {
        "ResponseMetadata": {
          "HostId": "",
          "RequestId": "",
          "HTTPHeaders": {
            "date": "",
            "server": "",
            "x-amz-id-2": "",
            "content-length": "",
            "x-amz-request-id": ""
          },
          "RetryAttempts": "",
          "HTTPStatusCode": ""
        }
      }
    }
}

operation: Modify Object

Input parameters

Parameter	Description
Bucket Name	Name of the bucket that contains the object that you want to modify in AWS S3.
Object Key	Key of the object that you want to modify in AWS S3.
Tags	(Optional) Tags that you want to add to the specified object. You can add multiple tags using the semicolon separator. For example, key1:value1;key2:value2...
Grants	(Optional) Specify the JSON object that contains users, and permissions to be granted to them. For example, [{"Grantee": {"ID": "2909146a9af35041b07ec330373208c3819e024e7f7074b60be9a36ba8884d5d", "Type": "CanonicalUser"}, "Permission": "FULL_CONTROL"}]

Output

The output contains the following populated JSON schema:

{
    "error": "",
    "result": {}
}

operation: Create Bucket Policy

Input parameters

Parameter	Description
Bucket Name	Name of the bucket to which you want to apply the specified policy in AWS S3.
Policy Arguments	Policy arguments, in the JSON format, for the policy that you want to create for the specified bucket. Use the following link to generate the policy payload: https://awspolicygen.s3.amazonaws.com/policygen.html For example: "{\"Id\": \"Policy1587973025262\", \"Version\": \"2012-10-17\", \"Statement\": [{\"Sid\": \"Stmt1587972287815\", \"Action\": \"s3:\",\"Effect\": \"Allow\",\"Resource\": \"arn:aws:s3:::bucket_name\", \"Principal\": \"\"}]}"

Parameter

Description

Bucket Name

Name of the bucket to which you want to apply the specified policy in AWS S3.

Policy Arguments

Output

The output contains the following populated JSON schema:

{
    "ResponseMetadata": {
        "RetryAttempts": "",
        "HTTPHeaders": {
            "content-type": "",
            "x-amz-id-2": "",
            "transfer-encoding": "",
            "server": "",
            "x-amz-request-id": "",
            "date": ""
        },
        "HostId": "",
        "RequestId": "",
        "HTTPStatusCode": ""
    }
}

operation: Replace Bucket Policy

Input parameters

Parameter	Description
Bucket Name	Name of the bucket to which you want to apply the specified (updated) policy in AWS S3.
Policy Arguments	Policy arguments, in the JSON format, for the policy that you want to replace in the specified bucket. Use the following link to generate the policy payload: https://awspolicygen.s3.amazonaws.com/policygen.html

Output

The output contains the following populated JSON schema:

{
    "ResponseMetadata": {
        "RetryAttempts": "",
        "HTTPHeaders": {
            "content-type": "",
            "x-amz-id-2": "",
            "transfer-encoding": "",
            "server": "",
            "x-amz-request-id": "",
            "date": ""
        },
        "HostId": "",
        "RequestId": "",
        "HTTPStatusCode": ""
    }
}

operation: Upload File into Bucket

Input parameters

Parameter	Description
Bucket Name	Name of the AWS S3 bucket into which you want to upload the file from the FortiSOAR "Attachment" module.
File ID(IRI)	ID or IRI value of the file that you want to upload to the specified AWS S3 bucket. In the playbook, the file ID or IRI is used to access the file from the FortiSOAR "Attachment" module.
Key for Object	Unique key for the newly uploaded object. Note: This key is used to access this file.

Output

The output contains the following populated JSON schema:

{
    "error": "",
    "result": {}
}

operation: Delete Tag

Input parameters

Parameter	Description
Select Tag From	Select bucket or bucket object for delete tag If you choose 'Bucket' Bucket Name: Name of the AWS S3 bucket from which you want to delete the specified tag Bucket Tags: Tags that you want to delete from the specified bucket on AWS S3. You can add multiple tags key using the comma separator. For example, key1,key2,key3... If you choose 'Bucket Object' Bucket Name: Name of the AWS S3 bucket that contains the target object. Object Key: Key of the object from which you want to delete the specified tags. Object Tags: Tags that you want to delete from the specified bucket on AWS S3. You can add multiple tags key using the comma separator. For example, key1,key2,key3...

Parameter

Description

Select Tag From

Select bucket or bucket object for delete tag
If you choose 'Bucket'

Bucket Name: Name of the AWS S3 bucket from which you want to delete the specified tag
Bucket Tags: Tags that you want to delete from the specified bucket on AWS S3. You can add multiple tags key using the comma separator. For example, key1,key2,key3...

If you choose 'Bucket Object'

Bucket Name: Name of the AWS S3 bucket that contains the target object.
Object Key: Key of the object from which you want to delete the specified tags.
Object Tags: Tags that you want to delete from the specified bucket on AWS S3. You can add multiple tags key using the comma separator. For example, key1,key2,key3...

Output

The output contains a non-dictionary value.

operation: Delete Bucket

Input parameters

Parameter	Description
Bucket Name	Name of the bucket that you want to delete from AWS S3.

Output

The output contains the following populated JSON schema:

{
    "error": "",
    "result": {
        "ResponseMetadata": {
            "HostId": "",
            "RequestId": "",
            "HTTPHeaders": {
                "date": "",
                "server": "",
                "x-amz-id-2": "",
                "x-amz-request-id": ""
            },
            "RetryAttempts": "",
            "HTTPStatusCode": ""
        }
    }
}

operation: Delete Bucket Object

Input parameters

Parameter	Description
Bucket Name	Name of the bucket that contains the object that you want to delete from AWS S3.
Object Key	Key of the object that you want to delete from AWS S3.

Output

The output contains the following populated JSON schema:

{
    "error": "",
    "result": {}
}

Included playbooks

Create Bucket Policy
Create New Bucket
Delete Bucket
Delete Bucket Object
Delete Tag
Download File
Get Bucket Policy
Get Object
List Buckets
List Objects
Modify Bucket
Modify Object
Replace Bucket Policy
Upload File into Bucket

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Unified SASE

Single Vendor SASE

Cloud Network Security

Secure Endpoint Connectivity

Web Application / API Protection

Security Operations

Security Operations Automation

Identity

Early Detection & Prevention

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Communication & Surveillance

Unified SASE

Single Vendor SASE

Secure Endpoint Connectivity

Cloud Network Security

Cloud-Native Security

Web Application / API Protection

Security Operations

Security Operations Automation

Endpoint

Data Protection

Identity

Email

Early Detection & Prevention

Expert Services

Edge Firewall

Orchestration & management

SD Branch

Application Delivery

Single Vendor SASE

Secure Endpoint Connectivity

Secure Private Access

Thin Edge

Identity

Application Gateway

Enterprise Asset Management

Endpoint Agent

Agentless Security Posture

Identity

Wireless

Switching

Identity

Privilege Acccess Management

Next Generation Firewall

Orchestration & management

Expert Services

All

All

Account Management

SAAS Management

SAAS Application Security

Managed Services

Platform as a service (PAAS)

Other SAAS Services

4D Pillars

Cloud

Popular Solutions

AWS S3

AWS S3 v3.0.2

About the connector

Version information

Release Notes for version 3.0.2

Installing the connector

Prerequisites to configuring the connector

Minimum Permissions Required

Configuring the connector

Configuration parameters

Actions supported by the connector

operation: Create New Bucket

Input parameters

Output