Documentation Version: er2.0.28-docs-1.1

Amazon S3 Buckets

ER2 supports Amazon S3 Buckets that use the following encryption methods:

  1. Server-side encryption with Amazon S3-managed encryption keys (SSE-S3)

  2. Server-side encryption with AWS KMS-managed keys (SSE-KMS)
  3. Server-side encryption with customer-provided encryption keys (SSE-C)

To add Amazon S3 Buckets as Targets:

  1. Get AWS User Security Credentials
  2. Set up Amazon S3 Bucket as Target location

To scan specific objects in the Target Bucket, see Edit Amazon S3 Bucket Target Path.

Instructions for configuring a cloud service account's security settings are provided here for the user's convenience only. For the most up-to-date instructions, please consult the cloud service provider's official documentation.

General Requirements

Get AWS User Security Credentials

  1. Log into the AWS IAM console.
  2. On the left of the page, click Users and select an IAM user with full access to the Target Amazon S3 Bucket.

  3. On the User page, click on the Security Credentials tab. The tab displays the user's existing Access Keys.

  4. Click Create Access Key. A dialog box appears, displaying a new set of User security credentials. This consists of an Access Key ID and a Secret Access Key.
  5. Click Download Credentials to save the User security credentials in a secure location, or write it down in a safe place. You cannot access this set of credentials once the dialog box is closed.

Save your new Access Key set. Once this window is closed, you cannot access this Secret Access Key.

Set up Amazon S3 Bucket as Target location

  1. From the New Search page, Add Targets.
  2. In the Select Target Type dialog box, select Amazon S3.
  3. In the Amazon S3 Details section, fill in the following fields:

    Field Description
    Bucket Name


    The name of the Target Amazon S3 Bucket.

    To scan specific objects within your Amazon S3 Bucket, see Edit Amazon S3 Bucket Target Path.
    Credential Label

    Enter a descriptive label for the credential set.


    Enter the user name in the following format: <region>/<access_key_id>

    For example, ap-southeast-1/AKIAIOSFODNN7EXAMPLE

    PasswordEnter the Secret Access Key obtained in Get AWS User Security Credentials

    For example, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
    Private Key

    Upload the file containing the customer-provided 256-bit encryption key.

    Only required for Amazon S3 Buckets that use the server-side encryption with customer-provided encryption keys (SSE-C) method for object encryption.

    For example, my_amazon_key.txt

    Agent to act as a proxy host

    Select a Proxy Agent host with direct Internet access.

    Encrypt the Connection via SSL

    Select this option to encrypt the connection with SSL.

    Please check if your AWS administrator has a set of IAM access keys for your use. AWS advises against using AWS root credentials. Use IAM whenever possible. For more information, see the AWS official documentation.
  4. Click Test. If ER2 can connect to the Target, the button changes to a Commit button.

  5. Click Commit to add the Target.

Get Region Properties for Amazon S3 Bucket

To determine the Region information where an Amazon S3 Bucket is stored:

  1. Log onto the Amazon S3 Management Console.
  2. In the left panel, click on Buckets to see the list of all available Amazon S3 Buckets.
  3. The Region column displays the region name where the Amazon S3 Bucket is stored. For example, Asia Pacific (Singapore).
  4. Go to the AWS Regions and Endpoints page.
  5. Get the corresponding Region for the Amazon S3 Bucket.

    For Amazon S3 Bucket A, the "Region" information obtained from the Amazon S3 Management Console is Asia Pacific (Singapore). The corresponding region value to be entered into the Username field is ap-southeast-1.

Edit Amazon S3 Bucket Target Path

To scan a specific object in the Amazon S3 Bucket:

  1. Set up Amazon S3 Bucket as Target location.
  2. In the Select Locations section, select your Amazon S3 Bucket Target location and click Edit.
  3. In the Edit Amazon S3 Bucket Location dialog, enter the Path to scan. Use the following syntax:

    Path Syntax
    Whole Bucket <BucketName>
    Specific folder in Bucket <BucketName/folder_name>
    Specific file in Bucket <BucketName[/folder_name]/filename.txt>
  4. Click Test and then Commit to save the path to the Target location.