Configure Custom Tracefile Storage

By default, any sysdig capture trace files created will be stored in Sysdig Monitor's AWS S3 bucket under a separate partition for your account.  You can optionally choose to configure storing trace files in your own S3 bucket by turning on "Use a custom S3 bucket" from the Settings > Sysdig Storage tab.

 

 

When you enter your own S3 bucket name you can click on the 'expand' link to see a custom IAM policy entry. Add this policy to your AWS IAM user account that is configured in the Settings > Cloud Providers in order to allow Sysdig Monitor  access to store trace files.  You can cut and paste from the Sysdig Storage tab or use the below copy. Be sure to replace "BUCKET_NAME" with your configured S3 bucket name. 

 

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "s3:Put*",
                "s3:List*",
                "s3:Delete*",
                "s3:Get*"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::BUCKET_NAME",
                "arn:aws:s3:::BUCKET_NAME/*"
            ]
        }
    ]
}

 

When enabled, you will have the option to select between "Sysdig Monitor Storage" or your own storage bucket when the Sysdig Capture pop-up window appears after you click the Sysdig Capture 'shovel' icon from the Explore page.

Have more questions? Submit a request