# AWS

This integration allows you to send events from Halo Security to AWS S3 buckets or SQS queues, enabling automated workflows and custom processing within your AWS infrastructure.

## Connect Halo Security and AWS

If you haven't already connected Halo Security and AWS for discovery, follow the instructions below:

{% content-ref url="../discovery-integrations/aws" %}
[aws](https://docs.halosecurity.com/docs/integrations/discovery-integrations/aws)
{% endcontent-ref %}

### Add Policy Statements

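To allow Halo Security to write event data to AWS, add the following statements to your AWS policy. The `//` comments and the `...` placeholder below are annotations only: IAM policy documents must be valid JSON, so leave them out when you paste the statements into your policy.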

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            // Existing permissions
            ...
        },
        {
            // For S3
            "Sid": "HaloSecurityS3Write",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:PutObjectAcl"
            ],
            "Resource": "[Your S3 ARN, eg. arn:aws:s3:::xxx-halo-events/*]"
        },
        {
            // For SQS
            "Sid": "HaloSecuritySQS",
            "Effect": "Allow",
            "Action": "sqs:SendMessage",
            "Resource": "[Your SQS ARN, eg. arn:aws:sqs:us-east-1:xxx:xxx-halo-events]"
        }
    ]
}
```

{% hint style="info" %}
Note: You'll need to add your own Amazon Resource Names (ARNs) for each resource. Learn more about finding your ARNs in the [AWS documentation](https://docs.aws.amazon.com/managedservices/latest/userguide/find-arn.html).
{% endhint %}

## Create Profiles

Profiles determine how events are sent to AWS services. You can create multiple profiles to send different types of events to different AWS destinations.

To create a profile:

1. Navigate to your AWS integration's **Profiles** tab
2. Click the "+" icon to add a new profile
3. Configure the profile settings:
   1. **Name**: The name for your AWS profile
   2. **Type**: Select the AWS service type
      1. **S3**: Store events in an S3 bucket
      2. **SQS**: Send events to an SQS queue
   3. For SQS profiles:
      1. **Queue URL**: The complete URL of your SQS queue (e.g., `https://sqs.us-east-1.amazonaws.com/123456789012/my-queue`)
      2. **Region**: The AWS region where your queue is located (e.g., `us-east-1`)
   4. For S3 profiles:
      1. **Bucket**: The name of your S3 bucket (e.g., `my-security-events`)
      2. **Path**: The path where files will be stored (e.g., `security-events/incoming/`)
      3. **Region**: The AWS region where your bucket is located (e.g., `us-east-1`)
4. Click **Save Changes**
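
Before saving a profile, it helps to confirm that the ARNs in your policy statements actually cover the queue or bucket path the profile points at. The following pre-flight check is an added example, not code from Halo Security or AWS; the function names and the profile dictionary keys are hypothetical, and the policy, account ID, bucket and queue values are constructed samples. It is a simplified matcher: it only reads `Allow` statements and ignores `Deny`, `Condition`, bucket policies and SCPs.

```python
import fnmatch
from urllib.parse import urlparse

def _as_list(value):
    return value if isinstance(value, list) else [value]

def sqs_arn(queue_url, region):
    """Build the queue ARN from the profile's Queue URL and Region fields."""
    parsed = urlparse(queue_url)
    if parsed.hostname != f"sqs.{region}.amazonaws.com":
        raise ValueError(f"Queue URL host {parsed.hostname} does not match region {region}")
    account, queue = parsed.path.strip("/").split("/")
    return f"arn:aws:sqs:{region}:{account}:{queue}"

def s3_arn(bucket, path):
    """ARN of a sample object under Bucket/Path (the object name event.json is made up)."""
    return f"arn:aws:s3:::{bucket}/" + "/".join(filter(None, [path.strip("/"), "event.json"]))

def allows(policy, action, arn):
    """True if an Allow statement matches the action and ARN (case-sensitive * and ? wildcards)."""
    for stmt in policy["Statement"]:
        hit_action = any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt["Action"]))
        hit_arn = any(fnmatch.fnmatchcase(arn, r) for r in _as_list(stmt["Resource"]))
        if stmt.get("Effect") == "Allow" and hit_action and hit_arn:
            return True
    return False

def check_profile(policy, profile):
    """Return a list of problems; an empty list means the policy covers the profile."""
    if profile["type"] == "SQS":
        needed = [("sqs:SendMessage", sqs_arn(profile["queue_url"], profile["region"]))]
    else:
        arn = s3_arn(profile["bucket"], profile["path"])
        needed = [("s3:PutObject", arn), ("s3:PutObjectAcl", arn)]
    problems = [f"{act} not allowed on {arn}" for act, arn in needed if not allows(policy, act, arn)]
    for stmt in policy["Statement"]:
        if stmt.get("Effect") == "Allow" and "*" in _as_list(stmt["Resource"]):
            problems.append(f"{stmt.get('Sid', '<no Sid>')}: wildcard Resource is broader than needed")
    return problems

# Constructed sample policy and profiles (account ID, bucket and queue names are placeholders).
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "HaloSecurityS3Write", "Effect": "Allow", "Action": ["s3:PutObject", "s3:PutObjectAcl"],
     "Resource": "arn:aws:s3:::my-security-events/security-events/incoming/*"},
    {"Sid": "HaloSecuritySQS", "Effect": "Allow", "Action": "sqs:SendMessage",
     "Resource": "arn:aws:sqs:us-east-1:123456789012:my-queue"}]}
SQS_PROFILE = {"type": "SQS", "region": "us-east-1",
               "queue_url": "https://sqs.us-east-1.amazonaws.com/123456789012/my-queue"}
S3_PROFILE = {"type": "S3", "bucket": "my-security-events", "path": "security-events/incoming/"}
```

Call `check_profile(policy, profile)` with your own policy document loaded via `json.load`; a non-empty result lists each action the policy would not permit for that profile, plus any statement that uses a bare `*` resource.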

## Create Event Rules

To send events to AWS, create Event Rules and add your AWS profile as an action. Visit *Events →* [Event Rules](https://app.halosecurity.com/user/settings/event-rules/) to set up rules that determine which Halo Security events are sent to your AWS S3 bucket or SQS queue.

Learn more about configuring Event Rules at:

{% content-ref url="../../platform/events/alerts" %}
[alerts](https://docs.halosecurity.com/docs/platform/events/alerts)
{% endcontent-ref %}

### Use Cases

* Trigger AWS Lambda functions in response to critical security events
* Route events into DynamoDB for processing and reporting
* Integrate security findings with existing AWS-based security information and event management (SIEM) systems
* Create automated remediation workflows using AWS Step Functions
* Feed security data into AWS Security Hub
* Generate custom reports and dashboards using AWS QuickSight

