This article explains how to configure shared storage on an Amazon S3 bucket.
Prerequisites
The following are the prerequisites for D2C activation, the new DLP Evidence, and registered documents in MVISION ePO:
- New Amazon S3 bucket
- MVISION ePO tenant with full DLP license activated
Activation steps
1. Log on to the MVISION ePO console.
2. Go to the DLP Settings section, and select the General tab.
3. In the Default Shared Location field, enter the S3 bucket name and click Register Bucket.
4. After the S3 bucket name is registered successfully, click Get Bucket Policy. The bucket policy window appears. Example for Bucket Policy:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Principal": {"AWS": ["arn:aws:iam::43786348768:user/mcafee-d2c-preprod-user"]},
          "Action": ["s3:GetObject", "s3:PutObject", "s3:PutObjectAcl", "s3:DeleteObject"],
          "Effect": "Allow",
          "Resource": "arn:aws:s3:::example/*"
        },
        {
          "Principal": {"AWS": ["arn:aws:iam::258199346934:user/mcafee-d2c-preprod-user"]},
          "Action": ["s3:GetBucketLocation", "s3:ListBucket", "s3:ListBucketMultipartUploads"],
          "Effect": "Allow",
          "Resource": "arn:aws:s3:::example"
        }
      ]
    }

5. Log on to your Amazon Web Services console.
6. Locate the S3 bucket registered in step 3 and do the following:
   - Go to Permissions, Bucket Policy.
   - Copy the bucket policy from the MVISION ePO user interface (UI), and paste it in the Amazon Web Services Bucket Policy Editor.
   - Click Save.
7. In the MVISION ePO UI, DLP Settings section, click Test Connection.
After the test is successful, the S3 bucket is configured and ready to work. Also, the same bucket automatically replicates to the Windows Client Configuration policy that's assigned to your systems.
NOTE: For access-related issues caused by security policies being added before the S3 bucket configuration, and their resolutions, see KB95931 - Access denied Error code MIN004 appears on Data Loss Prevention Endpoint for MVISION ePolicy Orchestrator.
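Because the generated policy grants another AWS account's user write and delete access to your bucket, it is worth checking the text from Get Bucket Policy before saving it in the Bucket Policy Editor. The following is an added example, not McAfee or AWS code: it confirms the policy names only IAM users, grants only the actions shown in the example policy above, and stays inside the registered bucket. The function name `review_policy`, the placeholder account ID and the user name are assumptions.

```python
import json
import re

# Actions the page's example policy grants, keyed by the resource suffix they apply to.
EXPECTED = {
    "/*": {"s3:GetObject", "s3:PutObject", "s3:PutObjectAcl", "s3:DeleteObject"},
    "": {"s3:GetBucketLocation", "s3:ListBucket", "s3:ListBucketMultipartUploads"},
}
# One IAM user in the standard "aws" partition; AWS account IDs are 12 digits.
IAM_USER_ARN = re.compile(r"arn:aws:iam::\d{12}:user/[\w+=,.@/-]+")

def as_list(value):
    """IAM policy fields may be a single value or a list of values."""
    return value if isinstance(value, list) else [value]

def review_policy(policy_text, bucket):
    """Return findings for a generated bucket policy; an empty list means nothing unexpected."""
    findings, prefix = [], f"arn:aws:s3:::{bucket}"
    for i, stmt in enumerate(as_list(json.loads(policy_text).get("Statement", []))):
        tag = f"Statement[{i}]"
        if stmt.get("Effect") != "Allow" or "NotPrincipal" in stmt or "NotAction" in stmt:
            findings.append(f"{tag}: unexpected Effect, NotPrincipal or NotAction")
            continue
        principal = stmt.get("Principal")
        only_aws = isinstance(principal, dict) and set(principal) == {"AWS"}
        for arn in (as_list(principal["AWS"]) if only_aws else [principal]):
            if not isinstance(arn, str) or not IAM_USER_ARN.fullmatch(arn):
                findings.append(f"{tag}: principal is not a single IAM user: {arn!r}")
        actions = set(as_list(stmt.get("Action", [])))
        for res in as_list(stmt.get("Resource", [])):
            suffix = res[len(prefix):] if res.startswith(prefix) else None
            if suffix not in EXPECTED:
                findings.append(f"{tag}: resource outside bucket {bucket!r}: {res}")
            elif actions - EXPECTED[suffix]:
                findings.append(f"{tag}: extra actions on {res}: {sorted(actions - EXPECTED[suffix])}")
    return findings

# Constructed samples (placeholder account ID and user name, not values from the page).
USER = "arn:aws:iam::111122223333:user/vendor-dlp-user"
GOOD = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": [USER]}, "Action": sorted(EXPECTED["/*"]),
     "Resource": "arn:aws:s3:::example/*"},
    {"Effect": "Allow", "Principal": {"AWS": [USER]}, "Action": sorted(EXPECTED[""]),
     "Resource": "arn:aws:s3:::example"}]})
BAD = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:*", "Resource": "arn:aws:s3:::example/*"}]})

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, review_policy(text, "example") or "no findings")
```

Pass the bucket name you registered in step 3 as the second argument; any finding is a reason to compare the policy with what the console generated before you click Save.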