AWS S3

How to create an AWS S3 user with policies, to connect to S3 accounts.

Create a policy

  • Sign in to the AWS Management Console and open the IAM console with the appropriate admin level account

  • In the navigation pane on the left, choose Policies and then choose Create policy

  • In the Policy editor section, find the Select a service section, then choose the S3 service and select Next. Once the S3 service permissions are added, move on to the IAM service

  • In Actions allowed, choose the following actions to add to the policy:

    • For scanning

      • IAM service

        • Read > GetUser

        • Read > GetPolicyVersion

        • Read > GetPolicy

        • Read > GetUserPolicy

        • List > ListUserPolicies

        • List > ListAttachedUserPolicies

      • S3 service

        • Read > GetBucketAcl

        • Read > GetBucketLocation

        • Read > GetObject

        • Read > GetObjectAcl

        • List > ListAllMyBuckets

        • List > ListBucket

    • For revoke permissions (S3 service)

      • Permission Management > PutBucketAcl

      • Permission Management > PutObjectAcl

    • For tagging (S3 service)

      • Write > DeleteObject

      • Write > PutObject

      • Tagging > DeleteObjectTagging

      • Tagging > PutObjectTagging

  • For Resources, choose All and select Create policy to save the new policy
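
The policy produced by the steps above can also be written as a JSON document and pasted into the JSON view of the policy editor. The following is an added example, not part of the original page: it builds that document from the actions listed above, with one statement per feature group, and reports which granted actions can modify data or ACLs. It assumes the three groups can be granted independently (the page groups them by purpose but does not state this); the function names and Sid values are hypothetical.

```python
import json

# Actions exactly as listed on this page, grouped by the feature they serve.
ACTIONS = {
    "scan": [
        "iam:GetUser", "iam:GetPolicyVersion", "iam:GetPolicy",
        "iam:GetUserPolicy", "iam:ListUserPolicies",
        "iam:ListAttachedUserPolicies",
        "s3:GetBucketAcl", "s3:GetBucketLocation", "s3:GetObject",
        "s3:GetObjectAcl", "s3:ListAllMyBuckets", "s3:ListBucket",
    ],
    "revoke": ["s3:PutBucketAcl", "s3:PutObjectAcl"],
    "tag": ["s3:DeleteObject", "s3:PutObject",
            "s3:DeleteObjectTagging", "s3:PutObjectTagging"],
}


def build_policy(features=("scan", "revoke", "tag")):
    """Return an IAM policy document with one statement per selected feature."""
    unknown = set(features) - set(ACTIONS)
    if unknown:
        raise ValueError(f"unknown feature(s): {sorted(unknown)}")
    statements = [
        {
            "Sid": "Connector" + name.capitalize(),  # hypothetical Sid values
            "Effect": "Allow",
            "Action": list(ACTIONS[name]),
            "Resource": "*",  # matches "For Resources, choose All" on this page
        }
        for name in ACTIONS if name in features
    ]
    return {"Version": "2012-10-17", "Statement": statements}


def mutating_actions(policy):
    """List granted actions that can change data or ACLs (anything not Get*/List*)."""
    found = []
    for statement in policy["Statement"]:
        for action in statement["Action"]:
            verb = action.split(":", 1)[1]
            if not verb.startswith(("Get", "List")):
                found.append(action)
    return sorted(found)


if __name__ == "__main__":
    policy = build_policy()
    print(json.dumps(policy, indent=2))
    print("Can modify data or ACLs:", mutating_actions(policy))
```

Calling `build_policy(("scan",))` yields a read-only policy, which makes the write access added by the revoke and tagging groups easy to see during review.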

Create a user

  • Sign in to the AWS Management Console and open the IAM console with the appropriate admin level account

  • In the navigation pane on the left, choose Users and then choose Create user

  • On the Specify user details page, under User details, in User name, enter the name for the new user, for example S3-connector-user, and select Next

  • On the Set permissions page, select Attach policies directly and choose the policy created in the steps above

  • Select Next

  • Once the user is created, select it, and from the user page, choose Create access key

  • Select Other then Next

  • Enter a description if you wish and select Create access key

  • The Access and Secret Access Keys have now been created. These can be downloaded as a CSV, and also copied from this section. NOTE: the secret access key cannot be viewed once you leave this page

Configuring AWS S3 connector in Dashboard

  • Navigate to Administration -> Data Sources -> AWS S3 -> New scan

  • Provide the access key and secret access key values generated in the above steps

  • Click on the Folder icon in Path to select a particular bucket to scan, or leave the path empty to scan all buckets

  • Save the configuration

  • Once the configuration is saved, click on the icon on the right and select Start file scan to begin scanning

  • The results can be viewed under Dashboard -> Enterprise Search
