Prerequisites

If you plan to configure detailed query statistics support, you must provide a bucket with read-write policy access for the query statistics data. You should use a new bucket for this purpose; do not use a cs-<ID> bucket where index files are written. You could use a bucket that holds your raw data files, but the ChaosSearch service must have write access to save the statistics data there.

In the policy for the target bucket, the following IAM permissions must be granted for ChaosSearch's policy:

s3:GetObject S3:GetObjectTagging s3:PutObject s3:PutObjectTagging s3:ListBucket s3:ListAllMyBuckets s3:GetBucketLocation s3:GetBucketEncryption

In addition, if audit stats will be enabled for the environment, a KMS encryption key is required on the read-write bucket for the stats data. (A KMS encryption key is highly recommended for query and/or ingest stats data is stored in the bucket.) The ChaosSearch role must also have the following permissions:

kms:Encrypt kms:Decrypt kms:GenerateDataKey

ChaosSearch does not require a lifecycle policy on the bucket. You should use a retention time that matches your site policies for keeping data for possible reporting time ranges.

Provide the target bucket's ARN to your Customer Success engineer to schedule a service engagement for configuration. If the bucket is used for multiple purposes, also provide a prefix path which aligns to your object organization strategies.