_security-analytics/threat-intelligence/getting-started.md
29 additions & 29 deletions
@@ -67,45 +67,45 @@ When creating the role, customize the following settings:
67
67
68
68
- Add the following custom trust policy:
69
69
70
-
```bash
71
-
{
72
-
"Version": "2012-10-17",
73
-
"Statement": [
74
-
{
75
-
"Effect": "Allow",
76
-
"Principal": {
77
-
"Service": [
78
-
"opensearchservice.amazonaws.com"
79
-
]
80
-
},
81
-
"Action": "sts:AssumeRole"
82
-
}
83
-
]
84
-
}
85
-
```
70
+
```json
71
+
{
72
+
"Version": "2012-10-17",
73
+
"Statement": [
74
+
{
75
+
"Effect": "Allow",
76
+
"Principal": {
77
+
"Service": [
78
+
"opensearchservice.amazonaws.com"
79
+
]
80
+
},
81
+
"Action": "sts:AssumeRole"
82
+
}
83
+
]
84
+
}
85
+
```
86
86
87
87
- On the Permissions policies page, add the `AmazonS3ReadOnlyAccess` permission.
88
-
88
+
89
89
90
90
#### Cross-account S3 bucket connection
91
91
92
92
Because the role ARN needs to be in the same account as the OpenSearch domain, a trust policy needs to be configured that allows the OpenSearch domain to download from S3 buckets from the same account.
93
93
94
94
To download from an S3 bucket in another account, the trust policy for that bucket needs to give the role ARN permission to read from the object, as shown in the following example:
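Review bot: The trust policy re-added at new lines 70-85 lets the `opensearchservice.amazonaws.com` service principal call `sts:AssumeRole` with no `Condition` element; since this block is being touched anyway, consider adding an `aws:SourceAccount` condition (and `aws:SourceArn` where the domain ARN is known) so the role is protected against the confused-deputy problem. In the context at line 87, `AmazonS3ReadOnlyAccess` grants read access to every bucket in the account, so a policy scoped to the threat intelligence bucket would be closer to least privilege. In the unchanged cross-account paragraph at line 94, "the trust policy for that bucket" mixes terms: the bucket side is a bucket policy, while the trust policy belongs to the role, and the wording could be corrected in the same pass.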