Collect Logs from Amazon S3 Buckets with KMS Encryption

Overview
USM Anywhere Architecture
USM Anywhere Data Security
USM Anywhere Log Data Enhancement
USM Anywhere Quick Start Guides
USM Anywhere Deployment Guide
- Overview
- USM Anywhere Deployment Types and Scalability
- USM Anywhere Sensor Deployments
  - Overview
  - AWS Sensor Deployment
    - Overview
    - Requirements for AWS Sensor Deployment
    - Deploy the AWS Sensor
    - Connect the AWS Sensor to USM Anywhere
    - Complete the AWS Sensor Setup
    - Enable Connections in an AWS VPC
    - VPC Traffic Mirroring with an AWS Sensor
    - Adding an Additional Sensor for Other AWS Accounts
    - AWS Log Discovery and Collection in USM Anywhere
  - Azure Sensor Deployment
  - GCP Sensor Deployment
  - Hyper-V Sensor Deployment
  - VMware Sensor Deployment
  - Deploying Your Sensor in a DHCP Environment
- The AWS Cloud Connector Deployment in USM Anywhere
- Network Setup and Configuration
- Data Sources and Log Collection
- File Integrity Monitoring
- Alarm and Event Notifications
- Troubleshooting and Remote Sensor Support
USM Anywhere User Guides
- Overview
- Getting Started with USM Anywhere
- USM Anywhere Best Practices
- USM Anywhere Dashboards
- Asset Management
- Alarms Management
- System Events Management
- Console User Events on USM Anywhere
- Configuration Issues Management
- User Behaviour Analytics
- Events Management
- USM Anywhere Scheduler
  - Overview
  - USM Anywhere Scheduler Best Practices
  - Managing Jobs in the Scheduler
  - Scheduling Active Directory Scans from the Job Scheduler Page
  - Scheduling Asset Scans from the Job Scheduler Page
  - Scheduling Asset Groups Scans from the Job Scheduler Page
  - Scheduling User Discovery Jobs from the Job Scheduler Page
  - Scheduling Log Collection from the Job Scheduler Page
    - Overview
    - AWS Log Discovery and Collection in USM Anywhere
    - Azure Log Discovery and Collection in USM Anywhere
- Rules Management
- Vulnerability Assessment
- Open Threat Exchange® and USM Anywhere
- USM Anywhere Sensor Management
- The AWS Cloud Connector in USM Anywhere
- Subscription Management
- USM Anywhere Reports
- Machine Learning
- USM Anywhere User Management
- Using USM Anywhere for PCI Compliance
- USM Anywhere Investigations
- System Status within USM Anywhere
USM Anywhere Agents Guide
USM Anywhere BlueApps Guide

If you are using a key management service (KMS) key to encrypt the Amazon S3 buckets where your logs are stored, you need to perform the following steps to enable your USM Anywhere Sensor to decrypt those buckets.

Note: To do this, you first need to know the bucket that is encrypted, the KMS key used for the encryption, and the Identity and Access Management (IAM) role created for your sensor.

To enable your sensor to decrypt KMS-encrypted buckets

Log in to the AWS Management Console and navigate to the Key Management Service (KMS) page.
Open the Customer Managed Keys page and locate the KMS key you are using.
Scroll down to the Key Users section.
Click Add.
Use the list or the search bar to select the IAM role created for your sensor.
Click Add.

Collect Other Logs from an Amazon S3 Bucket Overview

USM Anywhere™

USM Central™

Automated Policy Manager

Collect Logs from Amazon S3 Buckets with KMS Encryption