AWS S3
How to create an AWS S3 user with policies, to connect to S3 accounts.
Sign in to the AWS Management Console and open the IAM console with an account that has the appropriate admin-level permissions
In the navigation pane on the left, choose Policies and then choose Create policy
In the Policy editor section, find the Select a service section, choose the S3 service, and select Next. Once the S3 service permissions are added, move on to the IAM service
In Actions allowed, choose the following actions to add to the policy:
For scanning:
  IAM service:
    Read > GetUser
    Read > GetPolicyVersion
    Read > GetPolicy
    Read > GetUserPolicy
    List > ListUserPolicies
    List > ListAttachedUserPolicies
  S3 service:
    Read > GetBucketAcl
    Read > GetBucketLocation
    Read > GetObject
    Read > GetObjectAcl
    List > ListAllMyBuckets
    List > ListBucket
For revoke permissions (S3 service):
    Permission Management > PutBucketAcl
    Permission Management > PutObjectAcl
For tagging (S3 service):
    Write > DeleteObject
    Write > PutObject
    Tagging > DeleteObjectTagging
    Tagging > PutObjectTagging
For Resources, choose All and select Create policy to save the new policy
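The console selections above correspond to the policy document built below, given here as an added example (not the vendor's own code). The feature names, the Sid values and the optional bucket scoping are assumptions of this example; with no bucket list it reproduces the "Resources: All" choice from the step above.

```python
import json

# Console selections from the steps above, as IAM action names, grouped by
# purpose and by the resource level each action applies to.
ACTIONS = {
    "scan": {
        "account": ["iam:GetUser", "iam:GetPolicyVersion", "iam:GetPolicy",
                    "iam:GetUserPolicy", "iam:ListUserPolicies",
                    "iam:ListAttachedUserPolicies", "s3:ListAllMyBuckets"],
        "bucket": ["s3:GetBucketAcl", "s3:GetBucketLocation", "s3:ListBucket"],
        "object": ["s3:GetObject", "s3:GetObjectAcl"],
    },
    "revoke": {"bucket": ["s3:PutBucketAcl"], "object": ["s3:PutObjectAcl"]},
    "tag": {"object": ["s3:DeleteObject", "s3:PutObject",
                       "s3:DeleteObjectTagging", "s3:PutObjectTagging"]},
}


def build_policy(features=("scan", "revoke", "tag"), buckets=None):
    """Build the policy document for the chosen feature groups.

    buckets=None reproduces the page's "Resources: All". A list of bucket
    names (assumption: the connector only needs the buckets it scans) narrows
    bucket- and object-level actions to those buckets.
    """
    unknown = set(features) - set(ACTIONS)
    if unknown:
        raise ValueError(f"unknown feature(s): {sorted(unknown)}")
    resources = {
        "account": ["*"],  # kept on all resources, as on the page
        "bucket": [f"arn:aws:s3:::{b}" for b in buckets] if buckets else ["*"],
        "object": [f"arn:aws:s3:::{b}/*" for b in buckets] if buckets else ["*"],
    }
    statements = []
    for level in ("account", "bucket", "object"):
        actions = [a for f in ACTIONS if f in features
                   for a in ACTIONS[f].get(level, [])]
        if actions:  # skip levels that the chosen features do not touch
            statements.append({"Sid": f"Connector{level.title()}",
                               "Effect": "Allow", "Action": actions,
                               "Resource": resources[level]})
    return {"Version": "2012-10-17", "Statement": statements}


if __name__ == "__main__":
    # Scan-only policy limited to one bucket (constructed bucket name).
    print(json.dumps(build_policy(("scan",), ["example-bucket"]), indent=2))
```

The printed JSON can be pasted into the JSON view of the Policy editor instead of selecting the actions one by one.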
Sign in to the AWS Management Console and open the IAM console with an account that has the appropriate admin-level permissions
In the navigation pane on the left, choose Users and then choose Create user
On the Specify user details page, under User details, in User name, enter the name for the new user, for example S3-connector-user, and select Next
On the Set permissions page, select Attach policies directly and choose the policy created in the steps above
Select Next
Once the user is created, select it, and from the user page, choose Create access key
Select Other then Next
Enter a description if you wish and select Create access key
The access key and secret access key have now been created. They can be downloaded as a CSV file or copied from this section. NOTE: the secret access key cannot be viewed once you leave this page
Navigate to Administration -> Data Sources -> AWS S3 -> New scan
Provide the access key and secret access key values generated in the above steps
Click on the Folder icon in Path to select a particular bucket to scan, or leave the path empty to scan all buckets
Save the configuration
Once the configuration is saved, click on the icon on the right and select Start file scan to begin scanning
The results can be viewed under Dashboard -> Enterprise Search