What Changed

The existing Amazon Web Services S3 Data Connector previously offered only a PowerShell script for AWS-side resource provisioning. This PR adds a parallel CloudFormation Infrastructure-as-Code path under DataConnectors/AWS-S3/CloudFormation/, covering five deployment scenarios:

  • CloudTrail — provisions S3 bucket, SQS queue, bucket policy, and SQS event notifications for CloudTrail log delivery; optionally creates a new bucket or attaches to an existing one. IAM role name must begin with OIDC_.
  • CloudWatch — two-template flow: first template creates the S3 bucket and SQS queue for CloudWatch log exports; second template deploys a Lambda-based exporter with configurable schedule (default 15-minute run/window) and optional log group prefix filter to scope which CloudWatch log groups are exported.
  • VPC Flow Logs — provisions S3 bucket and SQS queue for VPC Flow Log delivery; configures bucket policy and event notifications. Requires manual VPC Flow Log configuration pointing at the provisioned bucket.
  • GuardDuty — provisions S3 bucket with KMS encryption, SQS queue, and bucket policy for GuardDuty findings export. KMS key alias is a required parameter; GuardDuty findings export must be configured manually in the GuardDuty console.
  • OpenID — standalone template to establish the OIDC trust relationship in the AWS account, required before any of the above connectors can authenticate via the Microsoft Sentinel-managed OIDC identity.
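
The resource wiring these scenarios share (S3 bucket with event notifications, SQS queue, scoped bucket and queue policies, and an OIDC_-prefixed role that Sentinel assumes via web identity), as an added illustration that is not the PR's own template content: a constructed CloudFormation template for the CloudTrail scenario, expressed as a Python dict so the same script can audit it, followed by an audit function that checks the properties a reviewer of this PR would look for: role name prefixed OIDC_, web-identity trust pinned to an audience claim, CloudTrail and S3 service-principal grants scoped by aws:SourceAccount / aws:SourceArn, no wildcards in the role's inline policy, and public access blocked on the bucket. The account id, bucket and queue names, OIDC provider host and audience value are placeholders. Run it with a path to a JSON template as the first argument to audit that file instead of the built-in sample (the checks assume the standard resource types named here).

```python
"""Constructed CloudFormation template (as a Python dict) for the
CloudTrail -> S3 -> SQS -> OIDC-role pattern, plus an audit of the
least-privilege properties a reviewer would check. Not the PR's own
template: resource names, the account id, the OIDC provider host and the
audience are placeholders."""
import json
import sys

ACCOUNT = "111111111111"                 # constructed sample account id
OIDC_PROVIDER = "oidc.example.invalid"   # placeholder for the Sentinel-managed provider host
OIDC_AUDIENCE = "api://placeholder-aud"  # placeholder audience claim value

TEMPLATE = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "LogBucket": {"Type": "AWS::S3::Bucket", "Properties": {
            "BucketName": "example-cloudtrail-logs",
            "PublicAccessBlockConfiguration": {"BlockPublicAcls": True, "BlockPublicPolicy": True,
                                               "IgnorePublicAcls": True, "RestrictPublicBuckets": True},
            # every new object raises an SQS message that the connector polls for
            "NotificationConfiguration": {"QueueConfigurations": [
                {"Event": "s3:ObjectCreated:*", "Queue": {"Fn::GetAtt": ["LogQueue", "Arn"]}}]}}},
        "LogQueue": {"Type": "AWS::SQS::Queue", "Properties": {"QueueName": "example-cloudtrail-queue"}},
        # only this bucket may publish to the queue
        "LogQueuePolicy": {"Type": "AWS::SQS::QueuePolicy", "Properties": {
            "Queues": [{"Ref": "LogQueue"}],
            "PolicyDocument": {"Version": "2012-10-17", "Statement": [{
                "Effect": "Allow", "Principal": {"Service": "s3.amazonaws.com"},
                "Action": "sqs:SendMessage", "Resource": {"Fn::GetAtt": ["LogQueue", "Arn"]},
                "Condition": {"ArnLike": {"aws:SourceArn": {"Fn::GetAtt": ["LogBucket", "Arn"]}}}}]}}},
        # CloudTrail may write, but only on behalf of this account (confused-deputy guard)
        "LogBucketPolicy": {"Type": "AWS::S3::BucketPolicy", "Properties": {
            "Bucket": {"Ref": "LogBucket"},
            "PolicyDocument": {"Version": "2012-10-17", "Statement": [
                {"Sid": "AclCheck", "Effect": "Allow", "Principal": {"Service": "cloudtrail.amazonaws.com"},
                 "Action": "s3:GetBucketAcl", "Resource": {"Fn::GetAtt": ["LogBucket", "Arn"]},
                 "Condition": {"StringEquals": {"aws:SourceAccount": ACCOUNT}}},
                {"Sid": "Write", "Effect": "Allow", "Principal": {"Service": "cloudtrail.amazonaws.com"},
                 "Action": "s3:PutObject", "Resource": {"Fn::Sub": "${LogBucket.Arn}/AWSLogs/" + ACCOUNT + "/*"},
                 "Condition": {"StringEquals": {"aws:SourceAccount": ACCOUNT,
                                                "s3:x-amz-acl": "bucket-owner-full-control"}}}]}}},
        # role assumed by Sentinel via OIDC: read-only on the bucket and queue, name prefixed OIDC_
        "OIDCSentinelRole": {"Type": "AWS::IAM::Role", "Properties": {
            "RoleName": "OIDC_SentinelCloudTrailReader",
            "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [{
                "Effect": "Allow", "Action": "sts:AssumeRoleWithWebIdentity",
                "Principal": {"Federated": "arn:aws:iam::" + ACCOUNT + ":oidc-provider/" + OIDC_PROVIDER},
                "Condition": {"StringEquals": {OIDC_PROVIDER + ":aud": OIDC_AUDIENCE}}}]},
            "Policies": [{"PolicyName": "ReadLogs", "PolicyDocument": {"Version": "2012-10-17", "Statement": [
                {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
                 "Resource": [{"Fn::GetAtt": ["LogBucket", "Arn"]}, {"Fn::Sub": "${LogBucket.Arn}/*"}]},
                {"Effect": "Allow", "Action": ["sqs:ReceiveMessage", "sqs:DeleteMessage", "sqs:ChangeMessageVisibility"],
                 "Resource": {"Fn::GetAtt": ["LogQueue", "Arn"]}}]}}]}}}}

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _statements(doc):
    return _as_list(doc.get("Statement", []))

def audit_template(template):
    """Return a list of findings for the template; an empty list means all checks passed.
    Names built with intrinsic functions (Fn::Sub etc.) are not resolved and will be flagged."""
    findings = []
    for name, res in template["Resources"].items():
        props, kind = res.get("Properties", {}), res["Type"]
        if kind == "AWS::IAM::Role":
            if not str(props.get("RoleName", "")).startswith("OIDC_"):
                findings.append(name + ": RoleName must start with OIDC_")
            for st in _statements(props.get("AssumeRolePolicyDocument", {})):
                if "sts:AssumeRoleWithWebIdentity" in _as_list(st.get("Action")):
                    if not any(k.endswith(":aud") for k in st.get("Condition", {}).get("StringEquals", {})):
                        findings.append(name + ": web-identity trust lacks an audience (:aud) condition")
            for pol in props.get("Policies", []):
                for st in _statements(pol["PolicyDocument"]):
                    if "*" in _as_list(st.get("Resource")) or any(str(a).endswith("*") for a in _as_list(st.get("Action"))):
                        findings.append(name + ": inline policy " + pol["PolicyName"] + " uses a wildcard action or resource")
        elif kind == "AWS::S3::BucketPolicy":
            for st in _statements(props["PolicyDocument"]):
                if isinstance(st.get("Principal"), dict) and "Service" in st["Principal"]:
                    if "aws:SourceAccount" not in st.get("Condition", {}).get("StringEquals", {}):
                        findings.append(name + ": service grant " + str(st.get("Sid")) + " lacks an aws:SourceAccount condition")
        elif kind == "AWS::SQS::QueuePolicy":
            for st in _statements(props["PolicyDocument"]):
                if "sqs:SendMessage" in _as_list(st.get("Action")):
                    if not any("aws:SourceArn" in ops for ops in st.get("Condition", {}).values()):
                        findings.append(name + ": sqs:SendMessage grant is not restricted by aws:SourceArn")
        elif kind == "AWS::S3::Bucket":
            pab = props.get("PublicAccessBlockConfiguration", {})
            if not all(pab.get(k) for k in ("BlockPublicAcls", "BlockPublicPolicy", "IgnorePublicAcls", "RestrictPublicBuckets")):
                findings.append(name + ": public access block is not fully enabled")
            if not props.get("NotificationConfiguration", {}).get("QueueConfigurations"):
                findings.append(name + ": no SQS event notification configured")
    return findings

if __name__ == "__main__":
    # audit a template file given on the command line, otherwise the constructed one above
    tpl = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else TEMPLATE
    print("\n".join(audit_template(tpl) or ["OK: all checks passed"]))
```

The audit deliberately treats a service-principal grant without aws:SourceAccount and an SQS grant without aws:SourceArn as findings, since those conditions are what stop another account's trail or bucket from writing into, or signalling on, resources the connector trusts; the OIDC_ prefix check mirrors the naming rule the README's state for the IAM role.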

Security Impact (Visibility and Fidelity)

This change does not affect data ingestion fidelity, connector logic, or detection coverage. It provides an alternative provisioning path for environments where AWS resources must be deployed through approved IaC workflows rather than ad-hoc scripts. Existing PowerShell-based deployments are unaffected.

The OIDC-based IAM role pattern (role names enforced to begin with OIDC_) is consistent with the existing connector authentication model — no new IAM permission scope is introduced.

Affected Files

DataConnectors/AWS-S3/CloudFormation/CloudTrail/README.md
DataConnectors/AWS-S3/CloudFormation/CloudTrail/images/Picture1.png
DataConnectors/AWS-S3/CloudFormation/CloudTrail/images/Picture14.png
DataConnectors/AWS-S3/CloudFormation/CloudTrail/images/Picture15.png
DataConnectors/AWS-S3/CloudFormation/CloudTrail/images/Picture16.png
DataConnectors/AWS-S3/CloudFormation/CloudTrail/images/Picture17.png
DataConnectors/AWS-S3/CloudFormation/CloudTrail/images/Picture2.png
DataConnectors/AWS-S3/CloudFormation/CloudTrail/images/Picture3.png
DataConnectors/AWS-S3/CloudFormation/CloudTrail/images/Picture4.png
DataConnectors/AWS-S3/CloudFormation/CloudTrail/images/Picture5.png
DataConnectors/AWS-S3/CloudFormation/CloudTrail/images/Picture6.png
DataConnectors/AWS-S3/CloudFormation/CloudTrail/images/Picture7.png
DataConnectors/AWS-S3/CloudFormation/CloudTrail/images/Picture8.png
DataConnectors/AWS-S3/CloudFormation/CloudTrail/images/Picture9.png
DataConnectors/AWS-S3/CloudFormation/CloudTrail/template_2_AWS_CloudTrail_resources_deployment.json
DataConnectors/AWS-S3/CloudFormation/CloudWatch/README.md
DataConnectors/AWS-S3/CloudFormation/CloudWatch/images/Picture1.png
DataConnectors/AWS-S3/CloudFormation/CloudWatch/images/Picture10.png
DataConnectors/AWS-S3/CloudFormation/CloudWatch/images/Picture11.png
DataConnectors/AWS-S3/CloudFormation/CloudWatch/images/Picture2.png
DataConnectors/AWS-S3/CloudFormation/CloudWatch/images/Picture3.png
DataConnectors/AWS-S3/CloudFormation/CloudWatch/images/Picture4.png
DataConnectors/AWS-S3/CloudFormation/CloudWatch/images/Picture5.png
DataConnectors/AWS-S3/CloudFormation/CloudWatch/images/Picture6.png
DataConnectors/AWS-S3/CloudFormation/CloudWatch/images/Picture7.png
DataConnectors/AWS-S3/CloudFormation/CloudWatch/images/Picture8.png
DataConnectors/AWS-S3/CloudFormation/CloudWatch/images/Picture9.png
DataConnectors/AWS-S3/CloudFormation/CloudWatch/template_2_AWS_CloudWatch_resources_deployment.json
DataConnectors/AWS-S3/CloudFormation/CloudWatch/template_3_AWS_CloudWatch_resources_deployment.json
DataConnectors/AWS-S3/CloudFormation/Flow Logs/README.md
DataConnectors/AWS-S3/CloudFormation/Flow Logs/images/Picture1.png
DataConnectors/AWS-S3/CloudFormation/Flow Logs/images/Picture10.png
DataConnectors/AWS-S3/CloudFormation/Flow Logs/images/Picture11.png
DataConnectors/AWS-S3/CloudFormation/Flow Logs/images/Picture12.png
DataConnectors/AWS-S3/CloudFormation/Flow Logs/images/Picture13.png
DataConnectors/AWS-S3/CloudFormation/Flow Logs/images/Picture14.png
DataConnectors/AWS-S3/CloudFormation/Flow Logs/images/Picture15.png
DataConnectors/AWS-S3/CloudFormation/Flow Logs/images/Picture16.png
DataConnectors/AWS-S3/CloudFormation/Flow Logs/images/Picture17.png
DataConnectors/AWS-S3/CloudFormation/Flow Logs/images/Picture18.png
DataConnectors/AWS-S3/CloudFormation/Flow Logs/images/Picture19.png
DataConnectors/AWS-S3/CloudFormation/Flow Logs/images/Picture2.png
DataConnectors/AWS-S3/CloudFormation/Flow Logs/images/Picture3.png
DataConnectors/AWS-S3/CloudFormation/Flow Logs/images/Picture4.png
DataConnectors/AWS-S3/CloudFormation/Flow Logs/images/Picture5.png
DataConnectors/AWS-S3/CloudFormation/Flow Logs/images/Picture6.png
DataConnectors/AWS-S3/CloudFormation/Flow Logs/images/Picture7.png
DataConnectors/AWS-S3/CloudFormation/Flow Logs/images/Picture8.png
DataConnectors/AWS-S3/CloudFormation/Flow Logs/images/Picture9.png
DataConnectors/AWS-S3/CloudFormation/Flow Logs/template_2_AWS_VPC_Flow_Logs_resources_deployment.json
DataConnectors/AWS-S3/CloudFormation/GuardDuty/README.md
DataConnectors/AWS-S3/CloudFormation/GuardDuty/images/Picture1.png
DataConnectors/AWS-S3/CloudFormation/GuardDuty/images/Picture10.png
DataConnectors/AWS-S3/CloudFormation/GuardDuty/images/Picture11.png
DataConnectors/AWS-S3/CloudFormation/GuardDuty/images/Picture2.png
DataConnectors/AWS-S3/CloudFormation/GuardDuty/images/Picture3.png
DataConnectors/AWS-S3/CloudFormation/GuardDuty/images/Picture4.png
DataConnectors/AWS-S3/CloudFormation/GuardDuty/images/Picture5.png
DataConnectors/AWS-S3/CloudFormation/GuardDuty/images/Picture6.png
DataConnectors/AWS-S3/CloudFormation/GuardDuty/images/Picture7.png
DataConnectors/AWS-S3/CloudFormation/GuardDuty/images/Picture8.png
DataConnectors/AWS-S3/CloudFormation/GuardDuty/images/Picture9.png
DataConnectors/AWS-S3/CloudFormation/GuardDuty/template_2_AWS_GuardDuty_resources_deployment.json
DataConnectors/AWS-S3/CloudFormation/OpenID/README.md
DataConnectors/AWS-S3/CloudFormation/OpenID/Template 1_ OpenID connect authentication deployment.json
DataConnectors/AWS-S3/CloudFormation/OpenID/images/Picture1.png
DataConnectors/AWS-S3/CloudFormation/OpenID/images/Picture2.png
DataConnectors/AWS-S3/CloudFormation/OpenID/images/Picture3.png
DataConnectors/AWS-S3/CloudFormation/OpenID/images/Picture4.png
DataConnectors/AWS-S3/CloudFormation/OpenID/images/Picture5.png
DataConnectors/AWS-S3/CloudFormation/OpenID/images/Picture6.png
DataConnectors/AWS-S3/CloudFormation/OpenID/images/Picture7.png