Assigning a Policy to the AWS IAM User
For data ingestion purposes, your IAM User account must have a policy that specifies the ARN for the Amazon S3 bucket, which you received from the OpenText SaaS team. You can replace the existing JSON policy file. You can use any valid approach to apply policies to a given IAM User.
-
Log in to AWS.
-
Browse to AWS account.
-
Click the IAM User that you created.
-
In the Permissions Policies tab, select .
-
Select the JSON tab.
-
Replace the existing JSON policy file with the following policy where <tenant bucket ARN> represents the ARN for the applicable Amazon S3 bucket.
{ "Version": "2012-10-17", "Statement": [ { "Sid": "AllowAccessToArcsightConnectorS3Location", "Effect": "Allow", "Action": [ "s3:PutObject", "s3:PutObjectAcl" ], "Resource": [ "<tenant bucket ARN>/*", "<tenant bucket ARN>" ] }, { "Sid": "AllowDownloadsAssumeRole", "Effect": "Allow", "Action": "sts:AssumeRole", "Resource": "<ARN of IAM role specified by OpenText SaaS team>" } ] }For example:
{ "Version": "2012-10-17", "Statement": [ { "Sid": "AllowAccessToArcsightConnectorS3Location", "Effect": "Allow", "Action": [ "s3:PutObject", "s3:PutObjectAcl" ], "Resource": [ "arn:aws:s3:::222222222-ap-southeast-1-secopstn01-avro/*", "arn:aws:s3:::222222222-ap-southeast-1-secopstn01-avro" ] }, { "Sid": "AllowDownloadsAssumeRole", "Effect": "Allow", "Action": "sts:AssumeRole", "Resource": "arn:aws:iam::222222222:role/elo-222222222-ap-southeast-1-secopstn01-event-avro-role" } ] } -
Select , then enter a name for the policy.
For example, AllowAccessToArcsightConnectorS3Location
-
To complete the process, select .