Skip to main content

Illumio Segmentation for the Cloud User Guide

  • Illumio Segmentation for the Cloud User Guide
  • Reference
  • Add New S3 Bucket Destinations to an Existing AWS Flow Integration

Add New S3 Bucket Destinations to an Existing AWS Flow Integration

This topic describes how to add additional Amazon S3 bucket destinations to an existing AWS Flow integration.

Note

Use this workflow only if your integration already has permission to access one or more S3 buckets and you need to grant access to new buckets that contain flow logs.

Prerequisites

Before you begin, confirm that you have:

  • An existing AWS Flow integration stack deployed using AWS CloudFormation

  • The ARN(s) of the new S3 buckets you want to add

  • Your Illumio service account credentials (access key and secret)

Step 1: Configure the New Buckets in the Illumio Cloud Console

  1. Log in to the Illumio Cloud Console.

  2. Navigate to Onboarding → Flow Log Access.

  3. Select your existing AWS Flow integration.

  4. Click Grant Access.

    Note

    Click Grant Access only if you want to grant access to all S3 buckets.

    If you want to grant access only to specific buckets, you must manually specify them.

  5. Select your service account.

  6. Choose Download CFT file & manually run it in AWS.

    Warning

    Do not select Run CFT Now in AWS.

  7. Click Download CFT to download the updated CloudFormation template.Use the procedure to list your steps here.

Step 2: Update the CloudFormation Stack in AWS

  1. Log in to the AWS Management Console.

  2. Navigate to CloudFormation → Stacks.

  3. Select your existing flow integration stack.

    Example: IllumioCloudSecureFlowAccessStack2026-04-02T21-01-31-835Z

  4. Open the Update stack menu and select Make a direct update.

  5. Select Replace existing template.

  6. Select Upload a template file, then click Choose file and upload the downloaded CloudFormation template.

  7. Click Next.

  8. Verify that your service account access key and secret are populated.

    If they are not populated, enter them manually.

  9. Click Next.

  10. Scroll down to confirm the acknowledgment and click Next.

  11. Review the settings, scroll down, and click Submit.

Step 3: Verify the update

  1. In the AWS CloudFormation console, wait until the stack status changes to UPDATE_COMPLETE.

  2. Return to the Illumio Console.

  3. Confirm that the new S3 buckets now show Access Granted.