Steps for S3 Bucket Discovery & Classification with rclone
To classify files in an S3 bucket, perform the steps below.
Note that this document is a temporary solution until our connectors are ready to discover and classify files residing in an S3 bucket.
The first step is to download the rclone connector on the Focus machine:
pacman -Syyu rclone
Then run the command below and answer the prompts as shown:
rclone config
No remotes found, make a new one?
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
Enter name for new remote.
name> mappedS3
Option Storage.
Type of storage to configure.
Choose a number from below, or type in your own value.
1 / 1Fichier
\ (fichier)
2 / Akamai NetStorage
\ (netstorage)
3 / Alias for an existing remote
\ (alias)
4 / Amazon Drive
\ (amazon cloud drive)
5 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, Digital Ocean, Dreamhost, Huawei OBS, IBM COS, IDrive e2, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Tencent COS and Wasabi
\ (s3)
6 / Backblaze B2
\ (b2)
7 / Better checksums for other remotes
\ (hasher)
8 / Box
\ (box)
9 / Cache a remote
\ (cache)
10 / Citrix Sharefile
\ (sharefile)
11 / Combine several remotes into one
\ (combine)
12 / Compress a remote
\ (compress)
13 / Dropbox
\ (dropbox)
14 / Encrypt/Decrypt a remote
\ (crypt)
15 / Enterprise File Fabric
\ (filefabric)
16 / FTP
\ (ftp)
17 / Google Cloud Storage (this is not Google Drive)
\ (google cloud storage)
18 / Google Drive
\ (drive)
19 / Google Photos
\ (google photos)
20 / HTTP
\ (http)
21 / Hadoop distributed file system
\ (hdfs)
22 / HiDrive
\ (hidrive)
23 / Hubic
\ (hubic)
24 / In memory object storage system.
\ (memory)
25 / Internet Archive
\ (internetarchive)
26 / Jottacloud
\ (jottacloud)
27 / Koofr, Digi Storage and other Koofr-compatible storage providers
\ (koofr)
28 / Local Disk
\ (local)
29 / Mail.ru Cloud
\ (mailru)
30 / Mega
\ (mega)
31 / Microsoft Azure Blob Storage
\ (azureblob)
32 / Microsoft OneDrive
\ (onedrive)
33 / OpenDrive
\ (opendrive)
34 / OpenStack Swift (Rackspace Cloud Files, Memset Memstore, OVH)
\ (swift)
35 / Pcloud
\ (pcloud)
36 / Put.io
\ (putio)
37 / QingCloud Object Storage
\ (qingstor)
38 / SSH/SFTP
\ (sftp)
39 / Sia Decentralized Cloud
\ (sia)
40 / Storj Decentralized Cloud Storage
\ (storj)
41 / Sugarsync
\ (sugarsync)
42 / Transparently chunk/split large files
\ (chunker)
43 / Union merges the contents of several upstream fs
\ (union)
44 / Uptobox
\ (uptobox)
45 / WebDAV
\ (webdav)
46 / Yandex Disk
\ (yandex)
47 / Zoho
\ (zoho)
48 / premiumize.me
\ (premiumizeme)
49 / seafile
\ (seafile)
Storage> s3
Option provider.
Choose your S3 provider.
Choose a number from below, or type in your own value.
Press Enter to leave empty.
1 / Amazon Web Services (AWS) S3
\ (AWS)
2 / Alibaba Cloud Object Storage System (OSS) formerly Aliyun
\ (Alibaba)
3 / Ceph Object Storage
\ (Ceph)
4 / China Mobile Ecloud Elastic Object Storage (EOS)
\ (ChinaMobile)
5 / Cloudflare R2 Storage
\ (Cloudflare)
6 / Arvan Cloud Object Storage (AOS)
\ (ArvanCloud)
7 / Digital Ocean Spaces
\ (DigitalOcean)
8 / Dreamhost DreamObjects
\ (Dreamhost)
9 / Huawei Object Storage Service
\ (HuaweiOBS)
10 / IBM COS S3
\ (IBMCOS)
11 / IDrive e2
\ (IDrive)
12 / Seagate Lyve Cloud
\ (LyveCloud)
13 / Minio Object Storage
\ (Minio)
14 / Netease Object Storage (NOS)
\ (Netease)
15 / RackCorp Object Storage
\ (RackCorp)
16 / Scaleway Object Storage
\ (Scaleway)
17 / SeaweedFS S3
\ (SeaweedFS)
18 / StackPath Object Storage
\ (StackPath)
19 / Storj (S3 Compatible Gateway)
\ (Storj)
20 / Tencent Cloud Object Storage (COS)
\ (TencentCOS)
21 / Wasabi Object Storage
\ (Wasabi)
22 / Any other S3 compatible provider
\ (Other)
provider> 1
Option env_auth.
Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
Only applies if access_key_id and secret_access_key is blank.
Choose a number from below, or type in your own boolean value (true or false).
Press Enter for the default (false).
1 / Enter AWS credentials in the next step.
\ (false)
2 / Get AWS credentials from the environment (env vars or IAM).
\ (true)
env_auth> 1
Option access_key_id.
AWS Access Key ID.
Leave blank for anonymous access or runtime credentials.
Enter a value. Press Enter to leave empty.
access_key_id> <<your access key id>>
Option secret_access_key.
AWS Secret Access Key (password).
Leave blank for anonymous access or runtime credentials.
Enter a value. Press Enter to leave empty.
secret_access_key> <<provide your access key>>
Option region.
Region to connect to.
Choose a number from below, or type in your own value.
Press Enter to leave empty.
/ The default endpoint - a good choice if you are unsure.
1 | US Region, Northern Virginia, or Pacific Northwest.
| Leave location constraint empty.
\ (us-east-1)
/ US East (Ohio) Region.
2 | Needs location constraint us-east-2.
\ (us-east-2)
/ US West (Northern California) Region.
3 | Needs location constraint us-west-1.
\ (us-west-1)
/ US West (Oregon) Region.
4 | Needs location constraint us-west-2.
\ (us-west-2)
/ Canada (Central) Region.
5 | Needs location constraint ca-central-1.
\ (ca-central-1)
/ EU (Ireland) Region.
6 | Needs location constraint EU or eu-west-1.
\ (eu-west-1)
/ EU (London) Region.
7 | Needs location constraint eu-west-2.
\ (eu-west-2)
/ EU (Paris) Region.
8 | Needs location constraint eu-west-3.
\ (eu-west-3)
/ EU (Stockholm) Region.
9 | Needs location constraint eu-north-1.
\ (eu-north-1)
/ EU (Milan) Region.
10 | Needs location constraint eu-south-1.
\ (eu-south-1)
/ EU (Frankfurt) Region.
11 | Needs location constraint eu-central-1.
\ (eu-central-1)
/ Asia Pacific (Singapore) Region.
12 | Needs location constraint ap-southeast-1.
\ (ap-southeast-1)
/ Asia Pacific (Sydney) Region.
13 | Needs location constraint ap-southeast-2.
\ (ap-southeast-2)
/ Asia Pacific (Tokyo) Region.
14 | Needs location constraint ap-northeast-1.
\ (ap-northeast-1)
/ Asia Pacific (Seoul).
15 | Needs location constraint ap-northeast-2.
\ (ap-northeast-2)
/ Asia Pacific (Osaka-Local).
16 | Needs location constraint ap-northeast-3.
\ (ap-northeast-3)
/ Asia Pacific (Mumbai).
17 | Needs location constraint ap-south-1.
\ (ap-south-1)
/ Asia Pacific (Hong Kong) Region.
18 | Needs location constraint ap-east-1.
\ (ap-east-1)
/ South America (Sao Paulo) Region.
19 | Needs location constraint sa-east-1.
\ (sa-east-1)
/ Middle East (Bahrain) Region.
20 | Needs location constraint me-south-1.
\ (me-south-1)
/ Africa (Cape Town) Region.
21 | Needs location constraint af-south-1.
\ (af-south-1)
/ China (Beijing) Region.
22 | Needs location constraint cn-north-1.
\ (cn-north-1)
/ China (Ningxia) Region.
23 | Needs location constraint cn-northwest-1.
\ (cn-northwest-1)
/ AWS GovCloud (US-East) Region.
24 | Needs location constraint us-gov-east-1.
\ (us-gov-east-1)
/ AWS GovCloud (US) Region.
25 | Needs location constraint us-gov-west-1.
\ (us-gov-west-1)
region> eu-west-1
Option endpoint.
Endpoint for S3 API.
Leave blank if using AWS to use the default endpoint for the region.
Enter a value. Press Enter to leave empty.
endpoint>
Option location_constraint.
Location constraint - must be set to match the Region.
Used when creating buckets only.
Choose a number from below, or type in your own value.
Press Enter to leave empty.
1 / Empty for US Region, Northern Virginia, or Pacific Northwest
\ ()
2 / US East (Ohio) Region
\ (us-east-2)
3 / US West (Northern California) Region
\ (us-west-1)
4 / US West (Oregon) Region
\ (us-west-2)
5 / Canada (Central) Region
\ (ca-central-1)
6 / EU (Ireland) Region
\ (eu-west-1)
7 / EU (London) Region
\ (eu-west-2)
8 / EU (Paris) Region
\ (eu-west-3)
9 / EU (Stockholm) Region
\ (eu-north-1)
10 / EU (Milan) Region
\ (eu-south-1)
11 / EU Region
\ (EU)
12 / Asia Pacific (Singapore) Region
\ (ap-southeast-1)
13 / Asia Pacific (Sydney) Region
\ (ap-southeast-2)
14 / Asia Pacific (Tokyo) Region
\ (ap-northeast-1)
15 / Asia Pacific (Seoul) Region
\ (ap-northeast-2)
16 / Asia Pacific (Osaka-Local) Region
\ (ap-northeast-3)
17 / Asia Pacific (Mumbai) Region
\ (ap-south-1)
18 / Asia Pacific (Hong Kong) Region
\ (ap-east-1)
19 / South America (Sao Paulo) Region
\ (sa-east-1)
20 / Middle East (Bahrain) Region
\ (me-south-1)
21 / Africa (Cape Town) Region
\ (af-south-1)
22 / China (Beijing) Region
\ (cn-north-1)
23 / China (Ningxia) Region
\ (cn-northwest-1)
24 / AWS GovCloud (US-East) Region
\ (us-gov-east-1)
25 / AWS GovCloud (US) Region
\ (us-gov-west-1)
location_constraint> 6
Option acl.
Canned ACL used when creating buckets and storing or copying objects.
This ACL is used for creating objects and if bucket_acl isn't set, for creating buckets too.
For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
Note that this ACL is applied when server-side copying objects as S3
doesn't copy the ACL from the source but rather writes a fresh one.
Choose a number from below, or type in your own value.
Press Enter to leave empty.
/ Owner gets FULL_CONTROL.
1 | No one else has access rights (default).
\ (private)
/ Owner gets FULL_CONTROL.
2 | The AllUsers group gets READ access.
\ (public-read)
/ Owner gets FULL_CONTROL.
3 | The AllUsers group gets READ and WRITE access.
| Granting this on a bucket is generally not recommended.
\ (public-read-write)
/ Owner gets FULL_CONTROL.
4 | The AuthenticatedUsers group gets READ access.
\ (authenticated-read)
/ Object owner gets FULL_CONTROL.
5 | Bucket owner gets READ access.
| If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
\ (bucket-owner-read)
/ Both the object owner and the bucket owner get FULL_CONTROL over the object.
6 | If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
\ (bucket-owner-full-control)
acl> 2
Option server_side_encryption.
The server-side encryption algorithm used when storing this object in S3.
Choose a number from below, or type in your own value.
Press Enter to leave empty.
1 / None
\ ()
2 / AES256
\ (AES256)
3 / aws:kms
\ (aws:kms)
server_side_encryption>
Option sse_kms_key_id.
If using KMS ID you must provide the ARN of Key.
Choose a number from below, or type in your own value.
Press Enter to leave empty.
1 / None
\ ()
2 / arn:aws:kms:*
\ (arn:aws:kms:us-east-1:*)
sse_kms_key_id>
Option storage_class.
The storage class to use when storing new objects in S3.
Choose a number from below, or type in your own value.
Press Enter to leave empty.
1 / Default
\ ()
2 / Standard storage class
\ (STANDARD)
3 / Reduced redundancy storage class
\ (REDUCED_REDUNDANCY)
4 / Standard Infrequent Access storage class
\ (STANDARD_IA)
5 / One Zone Infrequent Access storage class
\ (ONEZONE_IA)
6 / Glacier storage class
\ (GLACIER)
7 / Glacier Deep Archive storage class
\ (DEEP_ARCHIVE)
8 / Intelligent-Tiering storage class
\ (INTELLIGENT_TIERING)
9 / Glacier Instant Retrieval storage class
\ (GLACIER_IR)
storage_class>
Edit advanced config?
y) Yes
n) No (default)
y/n> n
Configuration complete.
Options:
- type: s3
- provider: AWS
- access_key_id: <<your access key id>>
- secret_access_key: <<your secret access key>>
- region: eu-west-1
- location_constraint: eu-west-1
- acl: public-read
Keep this "mappedS3" remote?
y) Yes this is OK (default)
e) Edit this remote
d) Delete this remote
y/e/d> y
After these steps, install rclone and fuse2:
pacman -S rclone fuse2
Inside the file, uncomment the line below
After these steps, perform the local mount operation using the command below:
Example: rclone mount mappedS3:kpmg-files /mnt/tests2/ --allow-other --dir-cache-time 60s --daemon
Edit the smb.conf file and add the stanza as below
Then
Finally, create a CIFS configuration as below, where the username and password are those of the SMB service:
Once the scan is initiated, you should see the results as below
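The remote above was created with acl public-read, which rclone applies to every object it writes, and the mount command has no --read-only, so anything written through the mount or the share would land in the bucket as a publicly readable object. The following check is an added example, not part of the original procedure; it flags both settings, the function names audit_remote and audit_mount are hypothetical, and the config contents and key values are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example: review an rclone S3 remote and its mount arguments (hypothetical helper names).

# audit_remote CONFIG REMOTE -> one finding per line, nothing if clean.
audit_remote() {
  awk -v want="[$2]" '
    /^\[.*\]$/ { active = ($0 == want); next }      # section header
    active {
      eq = index($0, "="); if (eq == 0) next
      key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
      cfg[key] = val
    }
    END {
      if (cfg["acl"] ~ /^(public-read|public-read-write|authenticated-read)$/)
        print "acl=" cfg["acl"] ": objects written via this remote are readable beyond the owner"
      if (cfg["secret_access_key"] != "")
        print "secret_access_key: static key stored in the config file"
    }' "$1"
}

# audit_mount ARGS... -> findings for the arguments of "rclone mount".
audit_mount() {
  local ro=0 other=0 a
  for a in "$@"; do
    case "$a" in
      --read-only|--read-only=true) ro=1 ;;
      --allow-other|--allow-other=true) other=1 ;;
    esac
  done
  [ "$ro" -eq 1 ] || printf '%s\n' "mount is writable: add --read-only for a scan-only mount"
  [ "$other" -eq 0 ] || printf '%s\n' "--allow-other: other local users can reach the bucket via the mount point"
}

# Constructed sample: the options the walkthrough ends with, placeholder keys.
sample_conf=$(mktemp)
trap 'rm -f "$sample_conf"' EXIT
cat > "$sample_conf" <<'EOF'
[mappedS3]
type = s3
provider = AWS
access_key_id = EXAMPLE_KEY_ID
secret_access_key = EXAMPLE_SECRET
region = eu-west-1
acl = public-read
EOF
audit_remote "$sample_conf" mappedS3
audit_mount mappedS3:kpmg-files /mnt/tests2/ --allow-other --dir-cache-time 60s --daemon
```

On the Focus machine, point audit_remote at the path printed by rclone config file.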
Classified as Getvisibility - Partner/Customer Confidential