articles/sentinel/connect-aws.md
11 additions & 0 deletions
@@ -7,6 +7,15 @@ ms.topic: how-to
7
7
ms.date: 01/31/2024
8
8
---
9
9
10
+
---
11
+
title: Connect Microsoft Sentinel to Amazon Web Services to ingest AWS service log data
12
+
description: Use the AWS connector to delegate Microsoft Sentinel access to AWS resource logs, creating a trust relationship between Amazon Web Services and Microsoft Sentinel.
13
+
author: yelevin
14
+
ms.author: yelevin
15
+
ms.topic: how-to
16
+
ms.date: 01/31/2024
17
+
---
18
+
10
19
# Connect Microsoft Sentinel to Amazon Web Services to ingest AWS service log data
11
20
12
21
Use the Amazon Web Services (AWS) connectors to pull AWS service logs into Microsoft Sentinel. These connectors work by granting Microsoft Sentinel access to your AWS resource logs. Setting up the connector establishes a trust relationship between Amazon Web Services and Microsoft Sentinel. This is accomplished on AWS by creating a role that gives permission to Microsoft Sentinel to access your AWS logs.
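Review bot: the added lines 10-17 repeat the front matter block (title, description, author, ms.author, ms.topic, ms.date) directly after the existing block that already closes with `---` at line 8, so the file ends up with two metadata blocks. Only the leading block is the file's front matter; a second `---` ... `---` block would be treated as body content above the H1. The repeated values match what the context already shows (`ms.topic: how-to`, `ms.date: 01/31/2024`), so nothing new is being set. Suggest dropping these added lines, including the blank added line 18.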
@@ -213,6 +222,8 @@ The following instructions apply for public **Azure Commercial clouds** only. Fo
213
222
|**Name**| Example: "*MicrosoftSentinelRole*". | Choose a meaningful name that includes a reference to Microsoft Sentinel. |
214
223
215
224
225
+
1. Edit the new role's trust policy and add another condition:<br>`"sts:RoleSessionName": "MicrosoftSentinel_{WORKSPACE_ID)"`
226
+
216
227
1. Edit the new role's trust policy and add another condition:<br>`"sts:RoleSessionName": "MicrosoftSentinel_{WORKSPACE_ID)"`
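Review bot: the added step at line 225 is a verbatim copy of the existing step at line 227 (`1. Edit the new role's trust policy and add another condition:`), so the procedure would list the same trust-policy edit twice. Suggest removing the added line and the blank line added after it. Separately, the placeholder in both copies reads `{WORKSPACE_ID)` with a closing parenthesis where a closing brace is expected; readers paste this value into the `sts:RoleSessionName` condition of the role's trust policy, so it is worth correcting to `{WORKSPACE_ID}` on the surviving line.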