Understanding the AWS IAM User
An AWS Identity and Access Management (IAM) user is an entity that you create in AWS. It allows you, and the data ingestion components you configure, to access the Amazon S3 bucket for ArcSight provisioned for your tenant. The IAM user consists of a name and credentials. Because you create and own this IAM user, only you know the account’s credentials. You can change the credentials according to your preferred schedule without intervention from the OpenText SaaS team. This method gives you the highest level of security and convenience.
Before you create or configure the IAM user, review the following considerations:
- To comply with the principle of least privilege, a newly created IAM user has no privileges in the AWS account. You will need to assign a policy to the user.
- As a best security practice, the credentials for each IAM user should be unique and kept secure.
- Each IAM user can have two access keys (each with an Access Key ID and Secret Access Key pair) to enable key rotation. If you use the SmartConnector Amazon S3 destination, you should configure all of your SmartConnectors with the same access key. Then, when you perform a key rotation, use the other access key.
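The two-key rotation described in the last item can be checked mechanically. The following is an added example, not part of the product documentation: it reads output in the shape of `aws iam list-access-keys` and reports the next rotation step. The user name, key IDs, 90-day schedule, and action labels are assumptions made for the example.

```python
import json
from datetime import datetime, timezone

MAX_KEY_AGE_DAYS = 90  # assumed schedule; the page leaves the schedule to you

# Constructed sample in the shape of `aws iam list-access-keys` output.
# The user name and key IDs are made up for this example.
SAMPLE = json.loads("""
{"AccessKeyMetadata": [
  {"UserName": "arcsight-ingest", "AccessKeyId": "AKIAEXAMPLEKEYAAAAAA",
   "Status": "Active", "CreateDate": "2024-01-10T09:00:00+00:00"},
  {"UserName": "arcsight-ingest", "AccessKeyId": "AKIAEXAMPLEKEYBBBBBB",
   "Status": "Inactive", "CreateDate": "2023-06-01T09:00:00+00:00"}
]}
""")

def _created(key):
    return datetime.fromisoformat(key["CreateDate"])

def next_rotation_step(listing, now, max_age_days=MAX_KEY_AGE_DAYS):
    """Return (action, access_key_id) for the next step of a two-key rotation."""
    keys = sorted(listing["AccessKeyMetadata"], key=_created)  # oldest first
    active = [k for k in keys if k["Status"] == "Active"]
    inactive = [k for k in keys if k["Status"] == "Inactive"]
    if len(active) == 2:
        # Mid-rotation: the newer key is issued. Once every SmartConnector
        # uses it, set the older key to Inactive (aws iam update-access-key).
        return ("deactivate-old-key", active[0]["AccessKeyId"])
    due = not active or (now - _created(active[0])).days >= max_age_days
    if not due:
        return ("none", active[0]["AccessKeyId"])
    if len(keys) == 2:
        # Both key slots are taken, so a new key cannot be created until the
        # retired one is removed (aws iam delete-access-key).
        return ("delete-inactive-key", inactive[0]["AccessKeyId"])
    # A slot is free: issue the replacement key (aws iam create-access-key).
    return ("create-access-key", None)

if __name__ == "__main__":
    print(next_rotation_step(SAMPLE, datetime.now(timezone.utc)))
```

Deactivating the old key before deleting it leaves a way back if a SmartConnector was missed during the switch.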