AWS S3 Beat IAM User Permissions
Prerequisites
- The bucket and SQS must be created in advance by the admin user. Steps given here.
- The bucket and SQS must be in the same region.
- Event notification to the SQS must be configured by the admin user. Steps given here.
IAM User Permissions Needed by AWS S3 Beat
SQS Queue: The IAM User requires the following permissions to access the SQS Queue:
- ReceiveMessage: grants the ability to receive data from the SQS queue.
- DeleteMessage: grants the ability to delete messages from the SQS queue once the data has been read, to avoid duplicate data.
- GetQueueUrl: grants the ability to get SQS queue information using the Queue URL.
S3 Bucket: The IAM User or Role requires the Read permission to the S3 bucket to download S3 files and read them for data.
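To check that a policy document grants the three SQS permissions listed above on one queue and nothing broader, a small audit like the following can be run against the policy JSON. This is an added example, not part of S3 Beat or its documentation; the queue ARN, account ID and sample policies are constructed placeholders, and the check assumes simple Allow statements without NotAction, NotResource or Condition.

```python
import json
import re

# Actions the page lists for the S3 Beat IAM user on the SQS queue.
REQUIRED = ("sqs:ReceiveMessage", "sqs:DeleteMessage", "sqs:GetQueueUrl")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _glob(pattern, value):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value) is not None

def audit_sqs_policy(policy_json, queue_arn):
    """Compare an identity policy with the three SQS actions S3 Beat needs."""
    granted, extra, other = set(), set(), set()
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        resources = _as_list(stmt.get("Resource", []))
        on_queue = any(_glob(r, queue_arn) for r in resources)
        relevant = False
        for pat in _as_list(stmt.get("Action", [])):
            # Action names are case-insensitive in IAM.
            hits = {a for a in REQUIRED if _glob(pat.lower(), a.lower())}
            if not hits and not pat.lower().startswith("sqs:"):
                continue
            relevant = True
            if on_queue:
                granted |= hits
            if pat.lower() not in {a.lower() for a in REQUIRED}:
                extra.add(pat)  # wildcard or an SQS action S3 Beat does not need
        if relevant:
            other |= {r for r in resources if r != queue_arn}
    return {"missing": sorted(set(REQUIRED) - granted),
            "extra_actions": sorted(extra),
            "other_resources": sorted(other)}

# Constructed sample values: the account ID and queue name are placeholders.
QUEUE_ARN = "arn:aws:sqs:us-east-1:111122223333:example-s3beat-queue"
SCOPED = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": list(REQUIRED), "Resource": QUEUE_ARN}]})
BROAD = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sqs:*", "Resource": "*"}]})

if __name__ == "__main__":
    for name, doc in (("scoped", SCOPED), ("broad", BROAD)):
        print(name, audit_sqs_policy(doc, QUEUE_ARN))
```

An empty result in all three fields means the policy matches the permission list exactly; any entry under extra_actions or other_resources marks a grant wider than S3 Beat needs.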
Add Permissions to a User
Log on to your AWS account.
On the top menu bar, click Services and use the search bar to search for IAM. Select IAM (Manage access to AWS resources).
- On the side menu, click Users, and in the right pane, click Add user.
- Set user details:
- Enter the name of the user you want to create in the text bar.
- Under Access Type, select Programmatic access (you will use the generated access key id and secret key in the s3beat service).
- Click Next: Permissions.
- Go to Attach existing policies directly
- Use the search bar to search for s3read and select AmazonS3ReadOnlyAccess.
- Click Create policy
- Create the policy:
- On the Visual editor tab, select SQS from the Service drop-down menu.
- Select GetQueueUrl and ReceiveMessage from the Read drop-down menu under Access level.
- Select DeleteMessage from the Write drop-down menu under Access level.
- Select Specific and click Add ARN under the Resources drop-down menu.
The Add ARN(s) dialog box displays.
- Provide the Region and then click Add.
- Click Next: Tags
- Click Next: Review
- Provide the name of the policy in Name and click Create policy.
- After clicking the refresh icon on the top right corner, select the newly created policy from the search box as shown below.
- Click Next: Tags
- Click Next: Review
- The User details and Permissions summary will display in the Review section. Click Create user.
You have successfully created the user. Now, download the user credential by clicking Download .csv.
You can retrieve the required access key and secret access key to be used in the AWS S3 Beat from the downloaded CSV file.
- Your user is now shown with the following attached policies.