Create an AWS IAM user
Data collection requires an Amazon Web Services (AWS) Identity and Access Management (IAM) user with restricted permissions. This user must have read-only permission to collect billing records from the S3 bucket and also to access the AWS API methods to retrieve data about EC2 resources and any S3 bucket.
See Link AWS accounts for Collection of consolidated billing data.
In Amazon Web Services IAM Management Console, create an IAM user, specifically for use by the IT Analytics Data Collector.
Click enter a user name.
Ensure that Generate an access key for each user is selected.
This configuration results in the following security credentials: Access Key ID and Secret Access Key.
Note:
Ensure to provide mandatory credentials for the required policy probes.
Note:
For more information, See Mandatory probe user privileges.
Download the credentials, which you will need later when configuring a Data Collector Policy.
These credentials are required when configuring the IT Analytics AWS Data Collector Policy. The access key and secret access key will be used by the Data Collector to make read-only requests to AWS APIs.
In the IAM window, select the IAM User you just created and grant permissions by attaching the AWS-supplied ReadOnlyAccess policy.
This read-only policy allows the Data Collector to retrieve data about EC2 resources and S3 buckets.
If you want to link AWS accounts, refer to the following.
See Link AWS accounts for Collection of consolidated billing data.