Protect S3 Buckets for an Already Registered AWS Source

If you have already registered your AWS account to protect Amazon RDS or Amazon EC2 workloads, then to protect the Amazon S3 bucket, you must perform the following steps:

For information on the prerequisites and considerations, see Amazon Ports and Account Requirements and Considerations.

  1. Choose an existing Amazon S3 bucket or create a new Amazon S3 bucket where you want the inventory report to be generated. The Amazon S3 bucket you choose must be in the same AWS account and cloud region as the Amazon S3 you want to protect.
  2. Grant the required permission for the Amazon S3 Inventory Report on the Amazon S3 bucket you choose to generate the report.
  3. Edit the registered AWS account:
    1. In DataProtect as a Service, navigate to Sources.
    2. Click the Actions menu () next to the AWS account and select Edit.
    3. In the Edit AWS Source form, select S3 in the AWS Services.

    4. Under Inventory Report Location, provide the following information to create the inventory report:

      • S3 buckets ARN: Enter the ARN of the Amazon S3 bucket where you want to create the inventory report. The ARN you provide must be of only those Amazon S3 buckets that are in the same AWS account and cloud region as the Amazon S3 you want to protect.

      • Prefix: Add a prefix value to the name of the inventory report that will be created.

        • The prefix can be of any character and can also include white spaces. For example, Report-Source Bucket.

        • The prefix should not begin or end with a forward slash (/) .

        • The prefix should not contain consecutive forward slashes.

        • You must not upload any files in the prefix of the inventory report.

      The inventory report will be created at <Prefix>/<Path_to_inventoy_report> when you initiate the protection. Cohesity creates the path to the inventory report on AWS based on the cluster, Amazon S3 bucket, and protection.

      SaaS connection is not required for Amazon S3 bucket protection.

    5. Click Next to generate a CloudFormation Template.

    6. Once the CloudFormation Template is generated, click Download to download the CloudFormation template.
    7. Go to your AWS account and update the CloudFormation template executed previously.
    8. Once the CloudFormation template is executed, go back to the Edit AWS Source form of the DataProtect as a Service UI and then click Update.

  4. Protect AWS S3 buckets.

    If the Amazon S3 bucket you want to protect is encrypted with SSE-KMS or DSSE-KMS, then for Cohesity to access the Amazon S3 bucket, you must add permission for KMS.