Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Creating an Identity and Access (IAM) User in the Amazon AWS User Interface when using the Amazon AWS REST API Protocol

 

An Amazon administrator must create a user and then apply the AmazonS3ReadOnlyAccess policy in the Amazon AWS user interface. The JSA user can then create a log source in JSA.

Note

Alternatively, you can assign more granular permissions to the bucket. The minimum required permissions are s3:listBucket and s3:getObject

  1. Create a user:
    1. Log in to the Amazon AWS user interface as administrator.

    2. Create an Amazon AWS IAM user and then apply the AmazonS3ReadOnlyAccess policy.

  2. Find the S3 bucket name and directory prefix that you use to configure a log source in JSA:
    1. Click Services.

    2. From the list, select CloudTrail.

    3. From the Trails page, click the name of the trail.

    4. Note the name of the S3 bucket that is displayed in the S3 bucket field.

    5. Click the Edit icon

    6. Click Advanced >>.

    7. Note the location path for the S3 bucket that is displayed below the Log file prefix field.

The JSA user is ready to configure the log source in JSA. The S3 bucket name is the value for the Bucket name field. The location path for the S3 bucket is the value for Directory prefix field.