Description

SailPoint® is excited to announce that you can now use the Configuration Hub cloud storage feature to automatically transfer your Identity Security Cloud(ISC) configuration settings backups and deployments artifacts to your own AWS S3 bucket!

The configuration hub Cloud Storage feature allows admins with Configuration Hub Admin user level, to configure AWS S3 bucket on their corporate AWS accounts, which, config hub will automatically transfer all the artifacts to, as they are being created (configuration backups, deployment logs and deployed draft config).

New Capabilities

The new automated transfer process significantly simplifies the way customers can access and retain their ISC configuration settings on their preferred storage location. It eliminates the need to develop scripts that call multiple SailPoint API endpoints.

In the config hub menu, find the new feature under: Advanced Settings > Cloud Storage

Problem

Customers needed an easy away to continuously transfer backups of configuration settings of their production tenants, and store these on their preferred organization storage, so, they can easily access and manage the retention of their tenant configuration backups.

This feature also enables customers to build pipelines using AWS S3, to sync their tenant configuration settings to another geographical region for DR testing purposes.

Solution

Currently, the only supported cloud storage is AWS S3. First, add the required policy to your S3 bucket within AWS where your Configuration Hub artifacts will be transferred to. Then, as a Configuration Hub Admin you will need to provide the S3 bucket name and enable the sync feature.

Accessing the Configuration Hub Cloud storage with user level Configuration Hub Admin

S3 bucket setup in AWS

Configuration Hub - Connect to AWS S3 bucket

Sync Files

Sync Files1198×745 56.6 KB

Who is affected?

This feature is available to all ISC customers.

Action Required

This feature requires granting the additional Configuration Hub Admin user level to relevant admins and is not available by default to all Org Admins.

Important Dates

• Rollout to staging during the week of August 26th.

• Rollout to Production tenants during the week of September 2nd

Customer Communications

SaaS Updates | Developer Community | Documentation

This is great, @yael_kadoshi!

It’s been a while since I’ve messed with config hub, but is this something that could be used to programmatically back up artifacts like source configs?

My main use case is taking a backup of a specific source whenever it is modified, triggered by the source update event trigger.

@mcheek This is our plan to eventually enable automation so customers can create their own CICD pipelines around configuration changes. The future vision is that backups will be driven by change events.
We are working to publish more configuration hub APIs in the coming weeks, so, customers can manage backups, drafts and deployments.
our plans for APIs are:

• list backups, delete user backups, schedule backups (limited scheduling)
• list drafts, delete drafts, prepare draft (limited scheduling), deploy a draft

That’s great to hear. One of my challenges currently with audit controls is the ability to show evidence to our auditors that source configurations either have not changed during an audit period or documenting each configuration change during that same period

@mcheek Our teams are also working to improve the audit events, especially for sources, so you should see very soon, huge improvements to the sources audit events which includes changes that have been made