Creating an Identity and Access Management (IAM) user in the AWS Management Console
An Amazon administrator must create a user and then apply the s3:ListBucket and s3:GetObject permissions to that user in the AWS Management Console. The QRadar® user can then create a log source in QRadar.
About this task
Sample policy:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::<bucket_name>",
        "arn:aws:s3:::<bucket_name>/AWSLogs/<AWS_account_number>/<DSM_name>/us-east-1/*"
      ]
    }
  ]
}
For more information about permissions that are related to bucket operations, go to the AWS documentation website.
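The following Python check is an added example, not part of the IBM documentation: it audits a policy document against the two permissions named above and confirms that s3:ListBucket reaches the bucket ARN and s3:GetObject reaches a log object. The helper names (audit_policy, hits, as_list), the bucket name, account number, DSM name and object key are constructed for illustration.

```python
from fnmatch import fnmatchcase

# The two permissions the page names (IAM action names are case-insensitive).
NEEDED = {"s3:getobject", "s3:listbucket"}

def as_list(value):
    return value if isinstance(value, list) else [value]

def hits(name, patterns):  # IAM "*" matches any run of characters, as in fnmatch
    return any(fnmatchcase(name, p) for p in patterns)

def audit_policy(policy, bucket, sample_key):
    """Return findings for a policy meant to allow reading one bucket's logs."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    findings, granted = [], set()
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in as_list(stmt.get("Action", []))]
        resources = as_list(stmt.get("Resource", []))
        for action in actions:
            if "*" in action or "?" in action:
                findings.append(f"wildcard action: {action}")
            elif action not in NEEDED:
                findings.append(f"extra action: {action}")
            granted |= {n for n in NEEDED if fnmatchcase(n, action)}
        for res in resources:
            if res != bucket_arn and not res.startswith(bucket_arn + "/"):
                findings.append(f"resource outside bucket: {res}")
        # ListBucket is evaluated on the bucket ARN, GetObject on object ARNs.
        if hits("s3:listbucket", actions) and not hits(bucket_arn, resources):
            findings.append("s3:ListBucket has no bucket-level resource")
        if hits("s3:getobject", actions) and not hits(f"{bucket_arn}/{sample_key}", resources):
            findings.append("s3:GetObject does not cover the sample log object")
    return findings + [f"missing action: {n}" for n in sorted(NEEDED - granted)]

# Constructed sample values filling the page's <bucket_name>, <AWS_account_number>, <DSM_name>.
BUCKET = "example-log-bucket"
PREFIX = "AWSLogs/111122223333/CloudTrail/us-east-1/"
SCOPED = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/{PREFIX}*"]}]}
# Constructed broad grant for contrast (wildcard actions on every resource).
BROAD = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": ["s3:Get*", "s3:List*"], "Resource": "*"}]}
if __name__ == "__main__":
    for name, doc in (("scoped", SCOPED), ("broad", BROAD)):
        print(name, audit_policy(doc, BUCKET, PREFIX + "sample.json.gz"))
```

The check reads Allow statements only; Deny statements, NotAction and Condition blocks are not evaluated.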
Procedure
- Log in to the AWS Management Console as an administrator.
- Click Services.
- From the list, select IAM.
- Click .
- Create an Amazon AWS IAM user and then apply the AmazonS3ReadOnlyAccess policy.