Configuration Hub Cloud Storage
Configuration Hub offers the ability to transfer artifacts to your AWS S3 cloud storage target location in order to access them locally and retain them for as long as needed.
It allows you to automatically transfer backups and deployment artifacts to the configured target storage location and track the status of artifact transfers in the Activity Log.
After configuring cloud storage for your tenant, you can use Configuration Hub to test the connection to your cloud storage location.
Configuring Cloud Storage in AWS
Complete the following steps to set up an AWS S3 bucket for cloud storage:
- Create or locate an existing S3 bucket within AWS to which your Configuration Hub artifacts will be transferred.
Note
The AWS S3 bucket must be in the same AWS region as your Identity Security Cloud SailPoint tenant.
- Add the following policy to your bucket. This policy only allows Configuration Hub to transfer files to your bucket.
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Sid": "SailPointCloudStorageWritePermission",
        "Effect": "Allow",
        "Principal": {
          "AWS": "arn:aws:iam::<sailpoint_aws_id>:root"
        },
        "Action": "s3:PutObject",
        "Resource": "arn:aws:s3:::<your-s3-bucket-name>/*"
      }
    ]
  }
Note
Configuration Hub will not be able to read or delete any artifacts.
Important
Be sure to replace <your-s3-bucket-name> with your AWS S3 bucket’s name. <sailpoint_aws_id> is SailPoint’s AWS Account ID. You can obtain SailPoint's AWS Account ID by submitting a ticket with SailPoint Support.
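One way to confirm the bucket policy still matches the write-only grant above before testing the connection, added here as an example and not SailPoint's own code. The function names, the bucket name and the account ID 111122223333 are constructed placeholders; substitute your bucket name and the account ID you receive from SailPoint Support.

```python
import json

BUCKET = "example-config-hub-bucket"  # constructed sample value
SAILPOINT_ID = "111122223333"         # placeholder, not SailPoint's real account ID

def _as_list(value):
    """IAM policy fields may hold a single string or a list of strings."""
    return value if isinstance(value, list) else [value]

def _principals(stmt):
    """Return the AWS principals of a statement ("*" when Principal is the bare wildcard)."""
    p = stmt.get("Principal", {})
    return _as_list(p.get("AWS", [])) if isinstance(p, dict) else [p]

def audit_policy(policy_json, bucket, sailpoint_id):
    """Return findings where the policy deviates from the write-only grant."""
    want_principal = f"arn:aws:iam::{sailpoint_id}:root"
    want_resource = f"arn:aws:s3:::{bucket}/*"
    findings, matched = [], False
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        sid, principals = stmt.get("Sid", "<no Sid>"), _principals(stmt)
        if "*" in principals:
            findings.append(f"{sid}: wildcard principal")
        if want_principal not in principals:
            continue  # statement is for some other principal, out of scope here
        matched = True
        actions = set(_as_list(stmt.get("Action", [])))
        if actions != {"s3:PutObject"}:
            findings.append(f"{sid}: Action is {sorted(actions)}, expected only s3:PutObject")
        if _as_list(stmt.get("Resource", [])) != [want_resource]:
            findings.append(f"{sid}: Resource is not {want_resource}")
    if not matched:
        findings.append("no Allow statement names the SailPoint principal")
    return findings

def make_policy(actions, resource):
    """Build a constructed sample policy shaped like the one on this page."""
    return json.dumps({"Version": "2012-10-17", "Statement": [{
        "Sid": "SailPointCloudStorageWritePermission", "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{SAILPOINT_ID}:root"},
        "Action": actions, "Resource": resource}]})

if __name__ == "__main__":
    drifted = make_policy(["s3:PutObject", "s3:GetObject"], "arn:aws:s3:::*")
    for finding in audit_policy(drifted, BUCKET, SAILPOINT_ID):
        print(finding)
```

To audit a live bucket, pass in the policy document returned by `aws s3api get-bucket-policy --bucket <your-s3-bucket-name> --query Policy --output text`.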
Configuring Cloud Storage in Configuration Hub
Note
You must have the Configuration Hub Admin user level to access the cloud storage feature.
- On the Cloud Storage page of Configuration Hub, provide a name for your AWS S3 bucket.
- Select Save to save the configuration name.
Testing the Cloud Storage Connection
To test whether your configured cloud storage is accessible, select the Test Connection button. The test transfers a file named "sailpoint-config-hub-transfer-test.json" to the root directory of your target cloud storage location, and a green notification appears if the connection was successful.
Note
If you do not see the file or there is an error notification in Configuration Hub, verify that the bucket name and the policy are correct.
Syncing Files
To enable the automated transfer of artifacts, set the toggle switch to Enabled.
Now that cloud storage is successfully configured and enabled for your tenant, new backups and deployment artifacts will automatically be transferred to your cloud storage.
The transferred artifacts should appear in the following folders:
- /sp-config-backups/<tenant>
- /sp-config-deploy/<tenant>
- /sp-config-deploy/<tenant>/historicalDrafts
Note
Successful deployments will transfer both the deployment log and the draft configuration file used in the deployment. The draft files will be located in sp-config-deploy/<tenant> under "historicalDrafts".
If there were any backups or deployments that were completed before setting up your cloud storage, they will not be automatically transferred.
To transfer them, verify the Enabled toggle is active and select Sync in the Sync Files section of the page.