This guide walks you through creating an AWS Access Key and Secret and gathering the configuration needed to create an Amazon Security Lake sink integration.
Create an AWS Access Key and Secret
Before you begin, make sure you have set up Amazon Security Lake and have gathered the ARN of the security lake S3 bucket.
1. Create a policy for S3 Write Only Access
Once logged in to the AWS Management Console as a user capable of managing users and access, use the search box to navigate to the Policies IAM feature screen. Click Create policy.
Using the policy editor, select the 'S3' service. Expand the 'Write' section and select the 'PutObject' permission.
In the 'Resources' section, make sure to select 'Specific' and click the Add ARNs link. Add the Security Lake bucket ARN to the policy.
Click Next, and supply a policy name such as 'SecurityLakeWriteOnly'. Click Create policy.
2. Create a user with API Only access
Use the search at the top of your management console to navigate to the Users IAM feature screen. Click Create user.
Fill in the User name field, for example 'SecLakeSinkUser'. Leave the 'Provide user access to AWS Management Console' option unchecked; this user only needs programmatic access. Click Next.
Under permissions options, select 'Attach policies directly'.
Use the policy search box to filter by the name you gave to the policy in step 1. Select the policy and then click Next.
Review the user details and then click Create user.
3. Get an Access Key ID and Secret
Back on the main Users list screen, find your new user and click it to open the details page.
In the 'Summary' section, find the link to Create access key. If you are presented with a use-case screen, select 'Other' and click Next. Add any descriptive tag desired and click Create access key.
You should be presented with a 'Retrieve access keys' screen where you can get your 'Access key' (Access Key ID) and 'Secret access key'. You will need to click the 'Show' link to reveal your secret access key.
Copy both of these values to a safe location.
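The write-only policy from step 1 can also be expressed as a JSON document and checked before it is attached to the sink user. The following is an added example, not part of the original guide: the bucket ARN is a constructed placeholder, the function names are hypothetical, and it assumes the grant should cover every object under the Security Lake bucket.

```python
import json
import re

# Constructed placeholder; substitute the ARN of your Security Lake bucket.
EXAMPLE_BUCKET_ARN = "arn:aws:s3:::example-security-lake-bucket"

def build_write_only_policy(bucket_arn):
    """Build the policy document equivalent to step 1 (hypothetical helper)."""
    if not re.fullmatch(r"arn:aws[a-z-]*:s3:::[^/*]+", bucket_arn):
        raise ValueError("expected a plain S3 bucket ARN without a path or wildcard")
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "SecurityLakeWriteOnly",
            "Effect": "Allow",
            "Action": "s3:PutObject",
            # s3:PutObject is an object-level action, so it is scoped to objects under the bucket.
            "Resource": f"{bucket_arn}/*",
        }],
    }

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_policy(policy, bucket_arn):
    """Return findings; an empty list means only s3:PutObject on this bucket's objects is allowed."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append("NotAction/NotResource makes the grant open-ended")
            continue
        for action in _as_list(stmt.get("Action", [])):
            if action.lower() != "s3:putobject":
                findings.append(f"unexpected action: {action}")
        for resource in _as_list(stmt.get("Resource", [])):
            if not resource.startswith(bucket_arn + "/"):
                findings.append(f"resource outside the bucket: {resource}")
    return findings

if __name__ == "__main__":
    policy = build_write_only_policy(EXAMPLE_BUCKET_ARN)
    print(json.dumps(policy, indent=2))
    print("findings:", audit_policy(policy, EXAMPLE_BUCKET_ARN))
```

The same `audit_policy` check can be run against the JSON shown on the policy's details page in the IAM console to confirm that the access key grants nothing beyond writing objects to the Security Lake bucket.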
Configure the Integration
Create your integration by supplying all configuration values.
URL: This is your AWS S3 bucket API URL. This will be specific to your security lake S3 bucket.
Region (Optional): This is the AWS region requests should go through. If not supplied, the region is inferred from the URL provided.
Access Key ID: This is the Access Key ID gathered in step 3.
Secret Access Key: This is the Secret Access Key gathered in step 3.
Session (Optional): A temporary session token. Session tokens are only necessary if you are using temporary credentials.