Creating an Identity and Access Management (IAM) User in the Amazon AWS User Interface when using the Amazon AWS REST API Protocol
An Amazon administrator must create a user and then apply the AmazonS3ReadOnlyAccess policy in the Amazon AWS user interface. The JSA user can then create a log source in JSA.
Alternatively, you can assign more granular permissions to the bucket. The minimum required permissions are s3:ListBucket and s3:GetObject.
- Create a user:
  1. Log in to the Amazon AWS user interface as an administrator.
  2. Create an Amazon AWS IAM user and then apply the AmazonS3ReadOnlyAccess policy.
- Find the S3 bucket name and directory prefix that you use to configure a log source in JSA:
  1. From the list, select CloudTrail.
  2. From the Trails page, click the name of the trail.
  3. Note the name of the S3 bucket that is displayed in the S3 bucket field.
  4. Click the Edit icon.
  5. Click Advanced >>.
  6. Note the location path for the S3 bucket that is displayed below the Log file prefix field.
The JSA user is ready to configure the log source in JSA. The S3 bucket name is the value for the Bucket name field. The location path for the S3 bucket is the value for the Directory prefix field.
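The granular alternative to AmazonS3ReadOnlyAccess can be expressed as an IAM policy that grants only the two minimum permissions on the CloudTrail bucket. The policy below is an added example, not part of the original documentation: EXAMPLE-BUCKET-NAME and EXAMPLE-PREFIX are placeholders for the S3 bucket name and location path noted in the steps above, and the s3:prefix condition is an optional extra restriction assumed here.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListCloudTrailPrefixOnly",
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::EXAMPLE-BUCKET-NAME",
      "Condition": {
        "StringLike": {
          "s3:prefix": [
            "EXAMPLE-PREFIX",
            "EXAMPLE-PREFIX/*"
          ]
        }
      }
    },
    {
      "Sid": "ReadCloudTrailObjectsOnly",
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::EXAMPLE-BUCKET-NAME/EXAMPLE-PREFIX/*"
    }
  ]
}
```

s3:ListBucket is a bucket-level action and must target the bucket ARN, while s3:GetObject is an object-level action and must target the object ARN pattern; swapping the two resources produces access-denied errors even though both actions are listed.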