Method 1:

  1. Open the Storage Optimization Option Under 'Manage' in the side menu bar.  Storage optimization is turned off by default. This needs to be enabled manually for a bucket. It can also be turned off at any point later.

  1. Toggle the Button to enable optimization.

  2. Select a destination bucket in your Account in the same region as the bucket you are enabling analytics for in the popup.

  3. Click on Continue 

Note: It is advised not to provide any prefix if you want to analyze the entire bucket




  1. Once Inventory and Logging have been enabled, you will be prompted to copy the bucket policy to the target bucket.

  2. This will enable Insisive to access the inventory and logs of your bucket to analyze and provide recommendations.



Sample Policy


{

    "Id": "BucketPolicy",

    "Statement": [{

            "Action": "s3:GetObject",

            "Effect": "Allow",

            "Principal": {

                "AWS": "[Insisive Role ARN]"

            },

            "Resource": [

                "arn:aws:s3:::[Inventory Target]/*",

                "arn:aws:s3:::[Logs target]/*",

                "arn:aws:s3:::[Logs target]/cmp-athena-27/*"

            ],

            "Sid": "InsisivRoleGetObjectPolicy"

        },

        {

            "Action": [

                "s3:PutObject"

            ],

            "Condition": {

                "ArnLike": {

                    "aws:SourceArn": [

                        "arn:aws:s3:::[Source Bucket]"

                    ]

                },

                "StringEquals": {

                    "aws:SourceAccount": [

                        "[your aws account id]"

                    ],

                    "s3:x-amz-acl": "bucket-owner-full-control"

                }

            },

            "Effect": "Allow",

            "Principal": {

                "Service": "s3.amazonaws.com"

            },

            "Resource": "arn:aws:s3:::[Inventory Target]/*",

            "Sid": "InventoryPolicy"

        },

        {

            "Action": "s3:DeleteObject",

            "Effect": "Allow",

            "Principal": {

                "AWS": "arn:aws:iam::[Insisive role arn]"

            },

            "Resource": "arn:aws:s3:::[Inventory Target]/data/cmp-temp/*",

            "Sid": "InsisivRoleDeleteTempObjectPolicy"

        }

    ],

    "Version": "2008-10-17"

}



Method 2:


  1. Enable Inventory and Logging Via AWS Console

    1. Inventory Configuration can be enabled in Management Tab in S3.

    2. Select the following fields and set the inventory frequency to weekly

  1. Enable Server Access Logging in the bucket in Properties Tab in S3

    1. Ensure that the target bucket has S3 log delivery group enabled in Access Control List under Permissions Tab


  1. In Insisive Cloud Console Enable Analytics: Method 1 Step 1

  2. Default values will be automatically picked from your AWS account, and your S3 bucket will be analyzed based on the inventory and Logging Configurations.

  3. You will still have to copy the target bucket policies to the target bucket once Insisiv has enabled analytics.


Note: If your Inventory target and logs target buckets are different, ensure you copy the target bucket policies to both the target buckets.