How to set up the AWS receptor to authenticate using an IAM user with a single AWS account
This page explains just one of your authentication configuration options. See all options for configuring how the Trustero receptor authenticates to AWS.
These instructions explain how to grant the AWS receptor access to a single AWS account to retrieve evidence using IAM User authentication.
Steps to create the trustero-api-user:
- Log into the AWS IAM console
- Select Users from the vertical menu column on the left side of the screen
- Select Add User
- Enter trustero-api-user in the User name field
- Select Next to move to the next step
- On the Permissions page, select Attach existing policies directly
- In the Search box under Permission policies, enter ReadOnlyAccess, and select AWS managed - job function in the type drop-down menu to the right of the search box
- Scroll to the very bottom of the Policy list until you see the ReadOnlyAccess policy, then select the ReadOnlyAccess policy
- Select Next: Tags
- Select Create user
- You should be redirected back to the user list page. Select the trustero-api-user user.
- Select the Security credentials tab
- Select Create access key
- Select Third-party service, and check the box for I understand the above recommendation and want to proceed to create an access key.
- Select Next and enter a description for the key.
- Select Create access key
- Keep note of the Access key ID and the Secret access key. Copy both values into the form below.
If you already have an AWS user designated to make read-only API calls, you can add an access key to that user instead. Follow these steps to add an access key:
- Log into the AWS IAM console
- Select Users from the vertical menu column on the left side of the screen
- Select the designated user with ReadOnlyAccess policy privilege
- Select Create access key
- Save the Access key ID and the Secret access key so you can provide them to the receptor
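Either procedure above should leave a user whose only permission is ReadOnlyAccess and who has an active access key. The following check is an added example, not Trustero's or AWS's own code. It assumes you have saved the JSON output of `aws iam list-attached-user-policies`, `aws iam list-user-policies` and `aws iam list-access-keys` for the user; the function name and the sample data are constructed for illustration.

```python
"""Added example: check that an IAM user matches what the steps above create."""
READ_ONLY_ARN = "arn:aws:iam::aws:policy/ReadOnlyAccess"  # AWS managed job-function policy

def audit_receptor_user(attached, inline, keys):
    """Return a list of findings; an empty list means the user matches the steps.

    attached: output of `aws iam list-attached-user-policies`
    inline:   output of `aws iam list-user-policies`
    keys:     output of `aws iam list-access-keys`
    """
    findings = []
    arns = {p["PolicyArn"] for p in attached.get("AttachedPolicies", [])}
    if READ_ONLY_ARN not in arns:
        findings.append("ReadOnlyAccess is not attached")
    # Anything besides ReadOnlyAccess widens what a leaked key could do.
    for arn in sorted(arns - {READ_ONLY_ARN}):
        findings.append(f"unexpected managed policy attached: {arn}")
    for name in inline.get("PolicyNames", []):
        findings.append(f"unexpected inline policy: {name}")
    active = [k["AccessKeyId"] for k in keys.get("AccessKeyMetadata", [])
              if k["Status"] == "Active"]
    if not active:
        findings.append("no active access key for the receptor to use")
    elif len(active) > 1:
        findings.append(f"{len(active)} active access keys; confirm each is still needed")
    return findings

# Constructed sample responses (not real account data).
GOOD = (
    {"AttachedPolicies": [{"PolicyName": "ReadOnlyAccess", "PolicyArn": READ_ONLY_ARN}]},
    {"PolicyNames": []},
    {"AccessKeyMetadata": [{"UserName": "trustero-api-user",
                            "AccessKeyId": "AKIAEXAMPLEKEY000001", "Status": "Active"}]},
)
DRIFTED = (
    {"AttachedPolicies": [
        {"PolicyName": "ReadOnlyAccess", "PolicyArn": READ_ONLY_ARN},
        {"PolicyName": "AdministratorAccess",
         "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}]},
    {"PolicyNames": ["adhoc-s3-write"]},
    {"AccessKeyMetadata": [{"UserName": "trustero-api-user",
                            "AccessKeyId": "AKIAEXAMPLEKEY000001", "Status": "Inactive"}]},
)

if __name__ == "__main__":
    for label, sample in (("good", GOOD), ("drifted", DRIFTED)):
        print(label, audit_receptor_user(*sample) or "OK")
```

Permissions inherited through IAM group membership are not covered by these three responses and need a separate look.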
Return to the receptor in the Trustero application to complete activation.