S3 Permissions Setup
To use CloudCrumbs with your AWS CloudTrail logs, you need to create an AWS IAM user with appropriate permissions to read and fetch files from the S3 bucket containing your CloudTrail logs.
Prerequisites
- Access to AWS IAM console
- Administrator permissions or IAM management permissions
- Knowledge of your CloudTrail S3 bucket name and region
Step 1: Create IAM User
- Log in to the AWS Management Console
- Navigate to IAM service
- Click "Users" in the left sidebar
- Click "Create user"
- Enter a username (e.g., cloudcrumbs-user)
- Select "Programmatic access" for access type
- Click "Next: Permissions"
Step 2: Create Custom Policy
- In the IAM console, go to "Policies"
- Click "Create policy"
- Select the "JSON" tab
- Replace the default content with the following policy:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::YOUR-CLOUDTRAIL-BUCKET-NAME",
        "arn:aws:s3:::YOUR-CLOUDTRAIL-BUCKET-NAME/*"
      ]
    }
  ]
}
- Replace YOUR-CLOUDTRAIL-BUCKET-NAME with your actual CloudTrail S3 bucket name
- Click "Next: Tags" (optional)
- Click "Next: Review"
- Enter a policy name (e.g., CloudCrumbsS3ReadAccess)
- Add a description (e.g., "Allows CloudCrumbs to read CloudTrail logs from S3")
- Click "Create policy"
Step 3: Attach Policy to User
- Go back to the IAM Users section
- Click on your newly created user
- Click "Add permissions"
- Select "Attach existing policies directly"
- Search for and select the policy you just created
- Click "Next: Review"
- Click "Add permissions"
Step 4: Generate Access Keys
- In the user details page, click the "Security credentials" tab
- Scroll down to "Access keys" section
- Click "Create access key"
- Select "Application running outside AWS" as the use case
- Click "Next"
- Add a description tag (optional)
- Click "Create access key"
- Important: Download the CSV file or copy the Access Key ID and Secret Access Key immediately
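To confirm that the Step 2 policy is still read-only and scoped to the CloudTrail bucket once the placeholder has been replaced, the following added example (not part of CloudCrumbs or its documentation) audits a policy document offline. The function name audit_policy and the bucket name example-trail-bucket are assumptions made for the illustration.

```python
import json

# The two actions the page grants, and the S3 resource type each applies to.
NEEDED = {"s3:GetObject": "object", "s3:ListBucket": "bucket"}

def _as_list(value):
    # IAM allows a single string/object where a list is expected.
    return [value] if isinstance(value, (str, dict)) else list(value)

def audit_policy(policy, bucket):
    """Hypothetical helper: return findings; [] means read-only and scoped to `bucket`."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    findings, covered = [], set()
    for n, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {n}: NotAction/NotResource in an Allow")
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        for action in actions:
            # Strict exact match: also rejects s3:*, s3:Get*, writes, other services.
            if action not in NEEDED:
                findings.append(f"statement {n}: unexpected action {action}")
        for res in resources:
            if res == bucket_arn:
                kind = "bucket"
            elif res.startswith(bucket_arn + "/"):
                kind = "object"
            else:
                findings.append(f"statement {n}: resource outside bucket: {res}")
                continue
            covered.update(a for a in actions if NEEDED.get(a) == kind)
    for action, kind in NEEDED.items():
        if action not in covered:  # granted nowhere on an ARN it applies to
            findings.append(f"{action} has no matching {kind} ARN")
    return findings

# Constructed input: the Step 2 policy with a placeholder bucket name.
PAGE_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
  "Resource": ["arn:aws:s3:::example-trail-bucket",
               "arn:aws:s3:::example-trail-bucket/*"]}]}""")

if __name__ == "__main__":
    for line in audit_policy(PAGE_POLICY, "example-trail-bucket") or ["ok"]:
        print(line)
```

An empty result means the policy grants only the two read actions, only on the named bucket, and that each action is paired with an ARN it actually applies to (the bucket ARN for s3:ListBucket, the object ARN for s3:GetObject).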