Prisma Cloud: Why is the S3:GetObject permission needed?

Created On 02/06/23 23:00 PM - Last Modified 02/10/25 21:00 PM


Question


Why does Prisma Cloud use the S3:GetObject permission?

Environment


  • Prisma Cloud
  • Amazon Web Services


Answer


To successfully ingest the aws-elasticbeanstalk-configuration-settings API, we need the s3:GetObject permission on the buckets that contain these settings. Elastic Beanstalk creates an Amazon S3 bucket named elasticbeanstalk-region-account-id for each region in which Elastic Beanstalk environments are created.

So the s3:GetObject permission has been added for "Resource": "arn:aws:s3:::elasticbeanstalk-*/*". The reason seems to be that Elastic Beanstalk stores some configuration settings in an S3 bucket.

We call Elastic Beanstalk's DescribeConfigurationSettings to ingest configuration settings, so we need the s3:GetObject permission to ingest Elastic Beanstalk resources.
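
An added example, not part of the original article or of Prisma Cloud's own tooling: a Python check that every Allow statement granting s3:GetObject in a role policy stays within the elasticbeanstalk-*/* resource pattern named above. The sample policy, its Sids and the function names are constructed for illustration.

```python
import fnmatch
import json

# Resource pattern the article gives for the s3:GetObject grant.
EXPECTED_RESOURCE = "arn:aws:s3:::elasticbeanstalk-*/*"

# Constructed sample policy (Sids and second statement are illustrative).
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "BeanstalkConfig", "Effect": "Allow",
     "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::elasticbeanstalk-*/*"},
    {"Sid": "TooBroad", "Effect": "Allow",
     "Action": ["s3:Get*", "s3:ListBucket"],
     "Resource": "*"}
  ]
}
""")

def _as_list(value):
    # IAM allows a single string or a list for Action and Resource.
    return value if isinstance(value, list) else [value]

def _allows_getobject(action):
    # Action names are case-insensitive and may contain * or ? wildcards.
    return fnmatch.fnmatchcase("s3:getobject", action.lower())

def getobject_findings(policy):
    """Return (sid, resource) pairs where an Allow statement grants
    s3:GetObject on a resource outside EXPECTED_RESOURCE."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue  # Deny and NotAction statements are not evaluated here
        if not any(_allows_getobject(a) for a in _as_list(stmt["Action"])):
            continue
        for res in _as_list(stmt.get("Resource", [])):
            # A resource is in scope if it is the pattern or narrower than it.
            if not fnmatch.fnmatchcase(res, EXPECTED_RESOURCE):
                findings.append((stmt.get("Sid", "<no Sid>"), res))
    return findings

if __name__ == "__main__":
    for sid, res in getobject_findings(SAMPLE_POLICY):
        print(f"{sid}: s3:GetObject allowed on {res}")
```

An empty result means every s3:GetObject grant in the policy is confined to Elastic Beanstalk buckets; wildcard actions such as s3:Get* are reported because they include GetObject.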


Additional Information


View the AWS docs for Using Elastic Beanstalk with Amazon S3 here


 

