Creating an Identity and Access Management (IAM) user in the AWS Management Console

An Amazon administrator must create a user and then apply the s3:ListBucket and s3:GetObject permissions to that user in the AWS Management Console. The QRadar® user can then create a log source in QRadar.

About this task

The minimum required permissions are s3:ListBucket and s3:GetObject. You can assign other permissions to the user as needed.

Sample policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::<bucket_name>",
                "arn:aws:s3:::<bucket_name>/AWSLogs/<AWS_account_number>/<DSM_name>/us-east-1/*"
            ]
        }
    ]
}

For more information about permissions that are related to bucket operations, go to the AWS documentation website.
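
Added example (not part of the original documentation): a Python check that compares a policy document with the minimum permissions listed above and reports any Allow statement that grants other actions or reaches outside the log bucket. The function names, bucket name, account number, DSM name and both policy documents are constructed sample values.

```python
import json

# Minimum permissions named on this page; IAM action names are case-insensitive.
MINIMUM_ACTIONS = {"s3:getobject", "s3:listbucket"}

def as_list(value):
    """IAM accepts a single string/object or a list for these elements."""
    return value if isinstance(value, list) else [value]

def audit_policy(policy_json, bucket):
    """Return findings for Allow statements broader than the page's minimum."""
    bucket_arn = "arn:aws:s3:::" + bucket
    findings = []
    for stmt in as_list(json.loads(policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"{sid}: NotAction/NotResource allows everything not listed")
        for action in as_list(stmt.get("Action", [])):
            # Wildcards such as s3:Get* never equal a minimum action, so they are flagged.
            if action.lower() not in MINIMUM_ACTIONS:
                findings.append(f"{sid}: action {action} exceeds the minimum")
        for resource in as_list(stmt.get("Resource", [])):
            if resource != bucket_arn and not resource.startswith(bucket_arn + "/"):
                findings.append(f"{sid}: resource {resource} is outside {bucket_arn}")
    return findings

# Constructed sample values standing in for the page's placeholders.
BUCKET = "example-log-bucket"
PAGE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "VisualEditor0", "Effect": "Allow",
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": [f"arn:aws:s3:::{BUCKET}",
                 f"arn:aws:s3:::{BUCKET}/AWSLogs/111122223333/CloudTrail/us-east-1/*"]}]})
# Constructed wildcard policy, used only to show what the check reports.
BROAD_POLICY = json.dumps({"Version": "2012-10-17", "Statement": {
    "Sid": "BroadRead", "Effect": "Allow",
    "Action": ["s3:Get*", "s3:List*"], "Resource": "*"}})

if __name__ == "__main__":
    for name, doc in (("page sample", PAGE_POLICY), ("broad", BROAD_POLICY)):
        print(name, audit_policy(doc, BUCKET) or "no findings")
```

Run it against the JSON of whatever policy ends up attached to the log source user; an empty result means the policy grants only the two minimum actions on the named bucket.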

Procedure

  1. Log in to the AWS Management Console as an administrator.
  2. Click Services.
  3. From the list, select IAM.
  4. Click Users > Add user.
  5. Create an Amazon AWS IAM user and then apply the AmazonS3ReadOnlyAccess policy.