How do I get copies of logs from Panther S3 buckets into my own AWS account S3 buckets?

Last updated: March 14, 2026

QUESTION

 How do I mirror the Panther S3 bucket where my logs live into my own AWS account?

ANSWER

  1. Contact Panther Support to request your Panther log data to be pushed to your S3 bucket. Provide the name of the bucket and the AWS account ID the bucket exists in.

    • Your bucket needs to have versioning enabled

    • Your bucket needs to be created in the same AWS region as your Panther instance

  2. Panther will then begin the internal IaC configuration and create the necessary IAM role used for replication. Once that role has been created, we will share the bucket policy that needs to be applied to your bucket.

  3. Apply this bucket policy to that bucket (replacing "destination" with the name of the bucket)

{
    "Version":"2012-10-17",
    "Id":"",
    "Statement":[
        {
            "Sid":"Set permissions for objects",
            "Effect":"Allow",
            "Principal":{
                "AWS":"arn:aws:iam::<Your_Panther_AWS_Account_ID>:role/panther-data-replication-role-<Your_Panther_AWS_Region>"
            },
            "Action":["s3:ReplicateObject", "s3:ReplicateDelete"],
            "Resource":"arn:aws:s3:::destination/*"
        },
        {
            "Sid":"Set permissions on bucket",
            "Effect":"Allow",
            "Principal":{
                "AWS":"arn:aws:iam::<Your_Panther_AWS_Account_ID>:role/panther-data-replication-role-<Your_Panther_AWS_Region>"
            },
            "Action":["s3:List*", "s3:GetBucketVersioning", "s3:PutBucketVersioning"],
            "Resource":"arn:aws:s3:::destination"
        }
    ]
}

  1. Panther will then provision the bucket replication.