# AWS This integration allows you to send events from Halo Security to AWS S3 buckets or SQS queues, enabling automated workflows and custom processing within your AWS infrastructure. ## Connect Halo Security and AWS If you haven't already connected Halo Security and AWS for discovery, follow the instructions below: {% content-ref url="/pages/YIJx3jkrrXBpB18v68fW" %} [AWS](/docs/integrations/discovery-integrations/aws.md) {% endcontent-ref %} ### Add Policy Statements To allow Halo Security to write event data to AWS, you'll need to add the following statements to your AWS Policy: ```json { "Version": "2012-10-17", "Statement": [ { // Existing permissions ... }, { // For S3 "Sid": "HaloSecurityS3Write", "Effect": "Allow", "Action": [ "s3:PutObject", "s3:PutObjectAcl" ], "Resource": "[Your S3 ARN, eg. arn:aws:s3:::xxx-halo-events/*]" }, { // For SQS "Sid": "HaloSecuritySQS", "Effect": "Allow", "Action": "sqs:SendMessage", "Resource": "[Your SQS ARN, eg. arn:aws:sqs:us-east-1:xxx:xxx-halo-events]" } ] } ``` {% hint style="info" %} Note: You'll need to add your own resource Amazon Resource Name (ARNs). Learn more about finding your ARNs in the [AWS documentation](https://docs.aws.amazon.com/managedservices/latest/userguide/find-arn.html). {% endhint %} ## Create Profiles Profiles determine how events are sent to AWS services. You can create multiple profiles to send different types of events to different AWS destinations. To create a profile: 1. Navigate to your AWS integrations **Profiles** tab 2. Click the "+" icon to add a new profile 3. Configure the profile settings: 1. **Name**: The name for your AWS profile 2. **Type**: Select the AWS service type 1. **S3**: Store events in an S3 bucket 2. **SQS**: Send events to an SQS queue 3. For SQS profiles: 1. **Queue URL**: The complete URL of your SQS queue (e.g., `https://sqs.us-east-1.amazonaws.com/123456789012/my-queue`) 2. **Region**: The AWS region where your queue is located (e.g., `us-east-1`) 4. For S3 profiles: 1. Bucket: The name of your S3 bucket (e.g., `my-security-events`) 2. Path: The path where files will be stored (e.g., `security-events/incoming/`) 3. Region: The AWS region where your bucket is located (e.g., `us-east-1`) 4. Click **Save Changes** ## Create Event Rules To send events to AWS, create Event Rules and add your AWS profile as an action. Visit *Events →* [Event Rules](https://app.halosecurity.com/user/settings/event-rules/) to set up rules that determine which Halo Security events are sent to your AWS S3 bucket or SQS queue. Learn more about configuring Event Rules at: {% content-ref url="/pages/QVrCXwRcuy8YWA5L25VR" %} [Event Rules](/docs/platform/events/alerts.md) {% endcontent-ref %} ### Use Cases * Trigger AWS Lambda functions in response to critical security events * Route events into DynamoDB for processing and reporting * Integrate security findings with existing AWS-based security information and event management (SIEM) systems * Create automated remediation workflows using AWS Step Functions * Feed security data into AWS Security Hub * Generate custom reports and dashboards using AWS QuickSight ### --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.halosecurity.com/docs/integrations/workflow-integrations/aws.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.