Using AWS-S3 bucket as a quarantine store for infected files

You can use an AWS S3 bucket as a quarantine store for infected files if Symantec Protection Engine 8.2 or later is installed on an AWS EC2 instance. You can create a new S3 bucket or configure an existing S3 bucket as the quarantine store.
Step 1: Configure the bucket policy.
Step 2: Encrypt the S3 bucket.
Step 3: Assign an IAM role to the SPE EC2 instance.
XML modifications for the quarantine policy changes
To use the S3 bucket as a quarantine store for infected files, you need to modify the configuration.xml file and change the quarantine policy settings.
For more information about the quarantine settings, see Proxy and Quarantine Server.
For example:
    <QuarantineServerSettings enabled="true">
      <QuarantineType value="aws"/>
      <CloudStore location="Region=us-west-1::Bucketname=xxx" relativepath="<S3 bucket relative path>"/>
    </QuarantineServerSettings>
Configuring the bucket policy
You must configure the bucket policy for the S3 bucket that you want to use as a quarantine store. You must provide the IAM role ARN and the bucket ARN in the policy. If you have deployed Symantec Protection Engine using the CloudFormation template, use the IAM role that the CloudFormation template has created.
To configure the bucket policy
  1. In the AWS console, select the S3 bucket > Permissions > Bucket Policy.
  2. In the JSON editor, add a policy such as the example below. Here, “Resource” identifies the S3 bucket and “Principal” identifies the IAM role:
    {
      "Version": "2012-10-17",
      "Id": "Policy1573723xxxxxx",
      "Statement": [
        {
          "Sid": "Sxxx1573723xxxxxx",
          "Effect": "Allow",
          "Principal": {
            "AWS": "arn:aws:iam::089691xxxxxx:role/SPE-Quarantine"
          },
          "Action": [
            "s3:PutObject",
            "s3:PutObjectAcl"
          ],
          "Resource": "arn:aws:s3:::spe-xxxxxxxxxx/*"
        }
      ]
    }
  3. Click Save.
Encrypting the S3 bucket
Enable Default Encryption (AWS-KMS server-side encryption with AWS KMS-managed keys) for the S3 bucket that you want to use as a quarantine store.
To encrypt the S3 bucket
  1. In the AWS console, select the S3 bucket > Properties > Default encryption.
  2. Select AWS KMS.
  3. Select a key from the list. Ensure that the IAM role has the administrator permissions to manage this key. We recommend that you use a separate key for encrypting the quarantine S3 bucket.
  4. Click Save.
Assigning the IAM role to the SPE EC2 instance
After the bucket policy is updated, you must assign the IAM role to the EC2 instance where Symantec Protection Engine is installed. Ensure that the IAM role has the administrator permissions.
To assign the IAM role to the SPE EC2 instance
  1. In the AWS console, select the EC2 instance > Actions > Instance Settings > Attach/Replace IAM Role.
  2. Select the IAM role from the list and click Apply.