Use * syntax for faster search

Table of Contents


Overview

Beeswax can deliver batch log data to customers' Amazon S3 accounts with the proper ACL permissions being added to your bucket policy. 

Please note the following information regarding Beeswax Data Center locations and batch log consumption: 

  • US-EAST-1, US-WEST-2, EU-WEST-1, and AP-NORTHEAST-1
  • If you deploy bidding instances to multiple regions, you must co-locate your buckets in each respective region to consume batch Auction Logs and Bid Logs
  • All data for batch Win, Conversion, and AdX Loss Logs will be delivered to US-EAST-1 regardless of where the bidding instance is deployed

How it Works

Log into your AWS account on the AWS Management Console and navigate to the S3 tab.

Create a new bucket, in the US Standard S3 region

  • Be sure to disable the “Requester Pays” feature as this will prevent Beeswax from placing log files into your bucket.
  • Make sure the bucket name is a DNS-compliant address. For example, the name should not include any underscores; use hyphens instead. For more information on S3 bucket name guidelines, see AWS Bucket Restriction and Limitation documentation.

Proceed with all AWS default options, (including ensuring that your bucket is not made public). Create the S3 bucket with these settings.

Navigate back to your new bucket and click on it to edit. Go to the 'Permissions' tab and click on 'Bucket Policy':

In the 'Bucket Policy Editor' pane, paste the following S3 read-only policy object (editing it to include your *<customer_bucket_name>* and *<folder/for/beeswax>* where appropriate) and click 'Save'.

Note: '<customer_bucket_name>' = 'customer s3 bucket on lines 11 and 25'
Note: '<folder/for/beeswax>' = 'folder for beeswax to write to /read from on lines 14 and 25'. If you are provisioning access to the entire bucket, you should remove the "Condition" param/object on lines 12-16. 

  1. {

"Version": "2012-10-17",

"Statement": [

{

"Sid": "AllowListBucketOfASpecificUserPrefix",

"Effect": "Allow",

"Principal": {

"AWS": "arn:aws:iam::164891057361:role/bee-prod"

},

"Action": "s3:ListBucket",

"Resource": "arn:aws:s3:::<customer_bucket_name>",

"Condition": {

"StringLike": {

"s3:prefix": "<folder/for/beeswax>/*"

}

}

},

{

"Sid": "AllowUserSpecificActionsOnlyInTheSpecificUserPrefix",

"Effect": "Allow",

"Principal": {

"AWS": "arn:aws:iam::164891057361:role/bee-prod"

},

"Action": "s3:*",

"Resource": "arn:aws:s3:::<customer_bucket_name>/<folder/for/beeswax>/*"

  1. }
  2. ]
  3. }

Your S3 bucket is now properly enabled.

Caveat: Beeswax default recommendation for client s3 buckets is Default Encryption = None. However, if encryption is a requirement then the recommendation from Beeswax is to utilize Default Encryption = AES-256; Beeswax does not currently support KMS encryption and log-distribution will be denied when KMS encryption is configured.

  • No labels
Provide feedback on this article