Create a New AWS User and AWS API Credentials

Step 1:

• Log into the AWS Management Console using an Admin account.

• In the search field next to the Services drop-down menu, type IAM and then select the IAM service from the drop-down menu.

Step 2:

• On the Users page, select Add users in the upper-right corner.

• In the Add user pop-up, in User name, enter EIPCollector.

• For Access type, select the Programmatic access check box.

• Select the Next: Permissions.

Add Necessary Permission Policies

Step 3:

• Under the Set permissions drop-down, select Attach existing policies directly.

• Select Create policy to create a custom policy.

• In the Create policy pop-up, on the Visual editor tab, for Service, select Network Firewall, and then select Read Only Actions.

• For Resources, select Specific and select the Any in this account check-box for Firewall and FirewallPolicy.

• There are no Request conditions to complete. Proceed to the next step.

• No action is needed for the Add tags section unless it is necessary for the customer organization. Proceed to the Review page.

• Create a Name and Description for the new policy. A recommended name and description are found in the image below.

• Select Create.

Step 4:

• In the Filter policies search field, type SecurityAudit and select SecurityAudit from the results. Repeat this procedure for AmazonVPCReadOnlyAccess, AWSNetworkManagerReadOnlyAccess, and the new custom NetworkFirewallReadOnly policies. No Permission boundary is needed.

• Select Next: Tags.

• No action is needed for the Add tags section unless it is necessary for the customer organization.

• Proceed to the Review page.

• Review the new user and ensure it has the needed traits, as shown in the image below.

• Select Create user.

Step 5:

• At the final stage of creating a new user, a success message displays. Under the success message, the newly generated Access key ID and Secret access key appear. Copy them and store them in a secure location.