Skip to main content

Data Streaming (J1DS)

JupiterOne Data Streaming (J1DS) streams entity and relationship changes from your JupiterOne graph to an Amazon S3 bucket, giving you real-time access to your data changes outside JupiterOne.

Requirements

  • A JupiterOne account with the J1DS entitlement
  • Administrator access to your JupiterOne account
  • An Amazon S3 bucket in the same AWS region as your JupiterOne deployment
  • Your 12-digit AWS Account ID
  • The S3 bucket name

Configuring Your S3 Bucket Policy

Before enabling data streaming, you must add a bucket policy to your S3 bucket that grants JupiterOne write access. Without this policy, the Test Connection step will fail.

Add the following policy to your S3 bucket:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowJupiterOneDataStreaming",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::<JUPITERONE_AWS_ACCOUNT>:role/jupiterone-data-streaming"
            },
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::<YOUR_BUCKET_NAME>/jupiterone/*",
            "Condition": {
                "Bool": {
                    "aws:SecureTransport": "true"
                }
            }
        }
    ]
}

Replace the placeholders:

  • <JUPITERONE_AWS_ACCOUNT> — JupiterOne's AWS account ID, provided to you during setup.
  • <YOUR_BUCKET_NAME> — the name of your S3 bucket.
info

The role name jupiterone-data-streaming is the same for all deployments — do not change it. This policy grants JupiterOne write-only access (s3:PutObject) to the jupiterone/* prefix in your bucket and requires encrypted transport.

Enabling Data Streaming

  1. Navigate to Settings > Data Streaming.
  2. Check Enable integration.
  3. Enter your S3 Bucket Name.
  4. Enter your AWS Account ID (12 digits).
  5. Check the region confirmation checkbox to confirm your S3 bucket is in the same region as your JupiterOne deployment.
  6. Click Test Connection — the test must succeed before you can save.
  7. Click Save.
note

You must successfully run Test Connection before saving for the first time. The Save button is not enabled until the connection test passes.

What Happens When You Enable Data Streaming

  • JupiterOne begins capturing changes to entities and relationships in your graph.
  • Changes are streamed to your S3 bucket.
  • Only changes from the point of enablement forward are captured — there is no historical backfill.

Disabling Data Streaming

  1. Navigate to Settings > Data Streaming.
  2. Uncheck Enable integration.
  3. Click Save.

Streaming stops and no new data is written to your bucket. Existing data in your S3 bucket is not affected or deleted.

Re-enabling Data Streaming

warning

Re-enabling data streaming starts fresh. Changes that occurred while streaming was disabled are not retroactively captured. Only new changes going forward will be streamed.

To re-enable, follow the same steps described in Enabling Data Streaming.

Contents