AWS S3 Beat IAM User Permissions

Prerequisites

• The bucket and SQS must be created in advance by the admin user. Steps given here.
• The bucket and SQS must be in the same region.
• Event notification to the SQS must be configured by the admin user. Steps given here.

IAM User Permissions Needed by AWS S3 Beat

• SQS Queue: The IAM User requires ReceiveMessage, DeleteMessage, and GetQueueUrl permissions to the SQS Queue.

• S3 Bucket: The IAM User or Role requires Read permission to the S3 bucket.

Add Permissions to a User

1. Log on to your AWS account.

2. On the top menu bar, click Services and use the search bar to search for IAM. Select IAM (Manage access to AWS resources)

   

3. On the side menu, click Users, and in the right pane, click Add user.
   

   

   
   
4. Set user details:
   1. Enter the name of the user you want to create in text bar.
   2. Under Access Type, select Programmatic access (you will use the generated access key id and secret key in the s3beat service).
   3. Click Next: Permissions.
5. Go to Attach existing policies directly
   
   1. Use the search bar to search for s3read and select AmazonS3ReadOnlyAccess.
   2. Click Create policy
      

      

      
      
6. Create the policy:
   1. On the Visual editor tab, select SQS from the Service drop-down menu.
      

      

   2. Select GetQueueUrl and ReceiveMessage from the Read drop-down menu under Access level.
      

      

      
      
   3. Select DeleteMessage from the Write drop-down menu under Access level.
      

      

   4. Select Specific and click Add ARN under the Resources drop-down menu.
      

      

      
      The Add ARN(s) dialog box displays.
   5. Provide the Region and then click Add.
      

      

      
      
   6. Click Next: Tags
      

      

      
      
   7. Click Next: Review
      

      

      
      
   8. Provide the name of the policy in Name and click Create policy.
      

      

      
      
   The policy has been created successfully. In the next step, we will embed this policy in the User IAM permissions.
   

   

   
   
7. After clicking the refresh icon on the top right corner, select the newly created policy from the search box as shown below.
   1. Click Next: Tags
      

      

8. Click Next: Review
   

   

   
   
9. The User details and Permissions summary will display in the Review section. Click Create user.
   

   

   
   

10. You have successfully created the user. Now, download the user credential by clicking Download .csv.

    

    You can retrieve the required access key and secret access key to be used in the AWS S3 Beat from the downloaded csv file.

    
    

    

    
    

11. Your user can now be shown with the following attached policies.