home

Security Service Edge

Mobile Endpoint SecuritySecurity Service Edge
Mobile Endpoint SecuritySecurity Service Edge

Lookout Product Documentation

Find answers about using and optimizing Lookout products.

Show Contents

Security Service Edge

Manual Onboarding

Step 8 - Create an IAM KMS Policy

Perform the following steps if the S3 bucket has KMS enabled.

  1. Click Services and select IAM.

  2. Select Policies and click Create Policy.

  3. Click the JSON tab.

  4. From an S3 bucket, obtain the KMS key for the KMS policy information.
    1. Click an S3 bucket.
    2. Click Bucket Properties.
    3. Scroll to the default encryption section and copy the AWS KMS key ARN.

      If different keys are assigned to buckets, you will need to add them under Resource in the policy information (step 5).

  5. Copy and paste the policy information:
    {
"Sid": "VisualEditor0", "Effect": "Allow", "Action": [
"kms:Decrypt", "kms:Encrypt", "kms:GenerateDataKey",
"kms:ReEncryptTo", "kms:DescribeKey", "kms:ReEncryptFrom"
],
"Resource": ["<AWS_KMS_key_ARN>"
]
}
  6. Click Review Policy.
  7. Name the policy lookout-kms-policy and click Create Policy.

Last updated: November 20, 2024

lookout-footer

Legal Privacy Policy Cookie Policy Transparency Report Compliance Info Compliance Info (Gov)

© 2024 Lookout, Inc. LOOKOUT®, the Lookout Shield Design®, LOOKOUT with Shield Design® and the Lookout multi-color/multi-shaded Wingspan Design® are registered trademarks of Lookout, Inc. in the United States and other countries. DAY OF SHECURITY®, LOOKOUT MOBILE SECURITY®, and POWERED BY LOOKOUT® are registered trademarks of Lookout, Inc. in the United States. Lookout, Inc. maintains common law trademark rights in EVERYTHING IS OK, PROTECTED BY LOOKOUT, CIPHERCLOUD, and the 4 Bar Shield Design.