Skip to content

Integrations

Algiz currently integrates seamlessly with Google Drive and S3. More integrations will be added soon. Stay tuned!

Integrations

Google Drive

Algiz Google Drive integration is easy to set up and essentially consists of only 2 steps.

Step 1: Configure domain-wide delegation

  1. Go to your Google Workspace Admin Console.

  2. Under Security → API Controls → Domain-wide delegation, select Add new

  3. Enter the Client ID given to you on the dashboard.

  4. Enter the scopes required that are given below:

https://www.googleapis.com/auth/drive
https://www.googleapis.com/auth/admin.directory.user.readonly

Step 2: Authorize Algiz to start monitoring your organization's Google Drive

By clicking the "Authorize" button, Algiz will immediately start scanning every new change within your Google Drive environment.

Amazon S3

Amazon S3 integration securely connects to your AWS environment with strict permissions to monitor only the buckets that you choose. This requires some interaction on client's side to make sure the AWS environment is correctly setup.

Step 1: Create an IAM role for listing the buckets

  1. Create an IAM role with s3:ListAllMyBuckets permissions and the following trust policy attached and enter its ARN below.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::370830769936:role/<uid>-algiz-s3-integration-role"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

ℹ <uid> will be a unique ID visible on your dashboard.

Step 2: Choose the buckets you would like to monitor

If everything is set up correctly in Step 1, Algiz will list the buckets in your account. You will be able to choose which buckets in your account you would like to monitor. After you select the buckets, click the Generate Policy button to generate an IAM policy.

Step 3: Attach permissions to the role for monitoring

a. Create an IAM permissions policy with the policy document generated. Example:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutBucketNotification"
      ],
      "Resource": [
        "arn:aws:s3:::bucket-name"
      ]
    },
    {
      "Sid": "VisualEditor1",
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:GetObjectAcl"
      ],
      "Resource": [
        [
          "arn:aws:s3:::bucket-name"
        ]
      ]
    },
    {
      "Sid": "VisualEditor2",
      "Effect": "Allow",
      "Action": [
        "sns:CreateTopic",
        "sns:SetTopicAttributes",
        "sns:Subscribe",
        "sns:Unsubscribe",
        "sns:ListSubscriptionsByTopic"
      ],
      "Resource": "arn:aws:sns:*:<your-account-id>:algiz-sns-topic"
    }
  ]
}

⚠ NB! Don't forget to change <your-account-id> in the policy.

b. Attach the permissions policy to the role you created in Step 1.

Step 4: Authorize Algiz to start monitoring your organization's S3 buckets

When you are ready, click Authorize button to start monitoring the selected buckets.

ℹ It may take some time to provision the required resources for this operation. Once completed, you should see a message indicating which S3 buckets are being monitored.

Dropbox

Coming soon...