Prerequisites

Access Keys

Access keys consist of an access key ID (Example: AKIAIOSFODNN7EXAMPLE) and a secret access key (Example: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY). The two values shown are the placeholders used in AWS documentation, not working credentials. Access keys are used to sign programmatic requests that you make to AWS through the AWS SDKs, REST, or Query APIs.

If you already have a user with programmatic access enabled, then that user's access key ID and secret access key can be used to configure your account in Cloud Security Plus. However, we recommend that you create a new IAM user with only the necessary permissions, used exclusively by Cloud Security Plus, so that its access keys can be rotated or revoked without affecting anything else. For more details, refer to this link.

Necessary Permissions

Cloud Security Plus uses CloudTrail logs delivered to an Amazon S3 bucket as its primary data source. Each time CloudTrail delivers a log file to the bucket, it publishes a notification to an SNS topic, and an SQS queue subscribed to that topic receives the message. Reading the logs from your AWS account therefore requires permissions to read from the queue, publish to the SNS topic, and read objects from the bucket.

If you wish to configure Cloud Security Plus to collect S3 server access logs as well, then additional permissions to create and delete a bucket are needed.

Note: If log file encryption (SSE-KMS) is enabled for the trail, also include the decrypt permission (kms:Decrypt on the KMS key that encrypts the log files) in the policy for the IAM user designated for Cloud Security Plus. Without it, the log objects can be listed but not read.

You can either attach these permissions to the IAM user yourself or copy and paste the sample inline policy given here.
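The following is an added example, not the vendor's sample policy: it builds an IAM policy document covering the permission groups described above (read from the queue, publish to the SNS topic, read from the bucket, optional kms:Decrypt, optional bucket create/delete for S3 server access logs), scoped to named resources rather than "*", and includes two small checks a practitioner can run against any policy JSON before attaching it: which required actions are missing, and which Allow statements are unscoped. All ARNs are constructed placeholders; sqs:DeleteMessage, sqs:GetQueueAttributes, sqs:GetQueueUrl and s3:ListBucket are assumptions about what a queue consumer and a log reader need, not permissions the page lists.

```python
import json

# Constructed placeholder ARNs (assumptions for this example; replace with your own).
TRAIL_BUCKET_ARN = "arn:aws:s3:::example-cloudtrail-logs"
SQS_QUEUE_ARN = "arn:aws:sqs:us-east-1:123456789012:cloudtrail-log-delivery"
SNS_TOPIC_ARN = "arn:aws:sns:us-east-1:123456789012:cloudtrail-log-delivery"
KMS_KEY_ARN = "arn:aws:kms:us-east-1:123456789012:key/11111111-2222-3333-4444-555555555555"

# The permission groups the page describes, expressed as IAM action names.
CORE_ACTIONS = [
    "s3:GetObject",       # read log files from the bucket
    "s3:ListBucket",      # assumed: locate log objects in the bucket
    "sqs:ReceiveMessage",  # read delivery notifications from the queue
    "sqs:DeleteMessage",   # assumed: a consumer must acknowledge what it processed
    "sns:Publish",         # publish to the SNS topic
]


def build_policy(bucket_arn, queue_arn, topic_arn, kms_key_arn=None, s3_access_logs=False):
    """Return an IAM policy document scoped to the given resources."""
    statements = [
        {
            "Sid": "ReadCloudTrailLogObjects",
            "Effect": "Allow",
            "Action": ["s3:GetObject"],
            "Resource": bucket_arn + "/*",   # objects, not the bucket itself
        },
        {
            "Sid": "ListCloudTrailBucket",
            "Effect": "Allow",
            "Action": ["s3:ListBucket"],
            "Resource": bucket_arn,          # bucket-level action, bucket ARN
        },
        {
            "Sid": "ConsumeLogDeliveryQueue",
            "Effect": "Allow",
            "Action": ["sqs:ReceiveMessage", "sqs:DeleteMessage",
                       "sqs:GetQueueAttributes", "sqs:GetQueueUrl"],
            "Resource": queue_arn,
        },
        {
            "Sid": "PublishToLogDeliveryTopic",
            "Effect": "Allow",
            "Action": ["sns:Publish"],
            "Resource": topic_arn,
        },
    ]
    if kms_key_arn:
        # Only needed when CloudTrail log file encryption (SSE-KMS) is on.
        statements.append({
            "Sid": "DecryptEncryptedLogFiles",
            "Effect": "Allow",
            "Action": ["kms:Decrypt"],
            "Resource": kms_key_arn,
        })
    if s3_access_logs:
        # The access-log bucket is created during setup, so its name is not
        # known in advance; this is the one statement that cannot be
        # narrowed to a single bucket ARN.
        statements.append({
            "Sid": "ManageServerAccessLogBucket",
            "Effect": "Allow",
            "Action": ["s3:CreateBucket", "s3:DeleteBucket"],
            "Resource": "arn:aws:s3:::*",
        })
    return {"Version": "2012-10-17", "Statement": statements}


def granted_actions(policy):
    """Set of actions allowed by the policy (wildcards are returned verbatim)."""
    actions = set()
    for st in policy["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        acts = st.get("Action", [])
        actions.update([acts] if isinstance(acts, str) else acts)
    return actions


def missing_actions(policy, required=CORE_ACTIONS):
    """Required actions that the policy does not explicitly allow."""
    return sorted(set(required) - granted_actions(policy))


def unscoped_statements(policy):
    """Sids of Allow statements whose Resource is the bare wildcard '*'."""
    sids = []
    for st in policy["Statement"]:
        res = st.get("Resource", [])
        res = [res] if isinstance(res, str) else res
        if st.get("Effect") == "Allow" and "*" in res:
            sids.append(st.get("Sid", "<no Sid>"))
    return sids


if __name__ == "__main__":
    policy = build_policy(TRAIL_BUCKET_ARN, SQS_QUEUE_ARN, SNS_TOPIC_ARN,
                          kms_key_arn=KMS_KEY_ARN, s3_access_logs=True)
    print(json.dumps(policy, indent=2))
    print("missing:", missing_actions(policy))
    print("unscoped:", unscoped_statements(policy))
```

Run it to print a policy you can paste as an inline policy on the dedicated IAM user, then run missing_actions and unscoped_statements against the policy you actually attached (or the vendor's sample) to confirm nothing required was dropped and nothing was widened to "*".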