Configure cloud storage
This is an Early Access feature. To enable it, contact Okta Support.
You can configure a gateway to automatically upload logs to Amazon Web Services (AWS) S3 or Google Cloud Platform either in addition to or instead of local storage. While temporary local storage is always required, you can control where logs are stored permanently.
You can add the following configuration block to /etc/sft/sft-gatewayd.yaml to configure cloud (Type: s3 or Type: gcs) and local (Type: file) storage for a gateway:
# Add this configuration block to /etc/sft/sft-gatewayd.yaml
- Type: file
- Type: s3
  # The following may be optional. The AWS SDK can retrieve these from the env or IAM role if running the gateway on AWS.
- Type: gcs
  # The following may be optional. The GCP SDK can retrieve these from the env or cloud machine roles if running the gateway on GCP.
  # These are the credentials that you'll download from GCP in JSON.
    "private_key_id": "<key id>",
    "private_key": "<some private key>",
Change the values in the configuration block to match your deployment.
You can add as many log destinations as you like. Log files are sent to their destinations in the order that they appear in your configuration. Logs are copied to these destinations after an SSH session ends.
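The configuration above allows cloud credentials to be pasted into the gateway file, even though the SDKs can take them from the environment or a machine role. The following audit is an added example, not Okta's code: it lists destinations in upload order and flags credential fields that hold real values instead of template placeholders. The CredentialsJSON key name, the "secret" and "token" patterns, and the sample values are assumptions made for illustration.

```python
import os
import re
import sys

TYPE_RE = re.compile(r'^\s*-\s*Type:\s*(\S+)')
# "private_key" is the field shown on the page; "secret" and "token" are
# assumed naming patterns for other credential fields.
SECRET_RE = re.compile(r'"?([\w-]*(?:private_key|secret|token)[\w-]*)"?\s*:\s*(.+)', re.I)
PLACEHOLDER_RE = re.compile(r'^["\']?<[^>]*>["\']?,?$')  # e.g. "<some private key>",

# Constructed sample; CredentialsJSON is an assumed key name for the JSON block.
SAMPLE = """\
- Type: file
- Type: s3
- Type: gcs
  CredentialsJSON: |
    {
      "private_key_id": "0123abcd",
      "private_key": "constructed-not-a-real-key"
    }
"""


def audit_gateway_config(text, mode):
    """Return (destination types in upload order, findings)."""
    destinations, findings = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # full-line YAML comment
        m = TYPE_RE.match(line)
        if m:
            destinations.append(m.group(1))
            continue
        m = SECRET_RE.search(line)
        if not m or m.group(1).lower().endswith("id"):
            continue  # not a credential field, or only a key identifier
        if PLACEHOLDER_RE.match(m.group(2).strip()):
            continue  # template value such as "<some private key>"
        where = destinations[-1] if destinations else "top-level"
        findings.append(f"line {lineno}: inline credential '{m.group(1)}' ({where})")
    if findings and mode & 0o077:
        findings.append(f"mode {mode & 0o777:o} lets group/other read those credentials")
    return destinations, findings


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path).read() if path else SAMPLE
    mode = os.stat(path).st_mode if path else 0o644
    dests, problems = audit_gateway_config(text, mode)
    print("upload order:", " -> ".join(dests))
    print("\n".join(problems) or "no inline credentials found")
```

Run it with the path to the gateway configuration file as the only argument. With no argument it audits the constructed sample.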