https://github.com/pegasystems/log-streaming-tools
https://github.com/pegasystems/log-streaming-tools
Last synced: 3 months ago
JSON representation
- Host: GitHub
- URL: https://github.com/pegasystems/log-streaming-tools
- Owner: pegasystems
- License: apache-2.0
- Created: 2024-06-18T17:41:01.000Z (about 2 years ago)
- Default Branch: master
- Last Pushed: 2024-10-04T12:19:51.000Z (almost 2 years ago)
- Last Synced: 2025-07-05T14:43:38.721Z (about 1 year ago)
- Language: Shell
- Size: 28.3 KB
- Stars: 2
- Watchers: 4
- Forks: 0
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# log-streaming-tools
This script validates customer S3 logs bucket policy and KMS key policy to allow pega logging service to forward logs to the destination customer bucket
### [Validation Script](validate-logging-role.sh)
#### Parameters
* **pegaRoleArn:** enter the Pega service IAM Role Arn provided by pega to customer
* **bucketName:** enter the customer logs bucket name
* **kmsKeyArn:** enter the customer KMS key arn used by customer on S3 bucket
#### Example Output
```
// ensure you are signed into your AWS account with correct AWS profile
// execute the script from the terminal and answer the following prompts:
$ ./validate-logging-role.sh
$ Enter pega Service IAM Role ARN you want to trust: {pegaRoleArn}
$ Enter your S3 logs bucket name: {bucketName}
$ Enter your KMS ARN to encrypt your logs bucket: {kmsKeyArn}
==== Check S3 bucket policy ====
Pass: Found principal match
Pass: Found actions match
Pass: Found resource match
==== Check S3 bucket encryption ====
Pass: Bucket is encrypted with exepcted kms key
Pass: kms key is enabled
Pass: kms key is symmetric
==== Check KMS Key policy ====
Pass: kms policy does exist on the provided KMS key
Pass: kms policy principal match
Pass: kms policy action:GenerateDataKey* match
```