Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. IT Analytics Help
  3. Section XII. Cloud
  4. Configuration for Amazon Web Services (AWS)
  5. Create an AWS IAM user

Create an AWS IAM user

Data collection requires an Amazon Web Services (AWS) Identity and Access Management (IAM) user with restricted permissions. This user must have read-only permission to collect billing records from the S3 bucket and also to access the AWS API methods to retrieve data about EC2 resources and any S3 bucket.

See Link AWS accounts for Collection of consolidated billing data.

  1. In Amazon Web Services IAM Management Console, create an IAM user, specifically for use by the IT Analytics Data Collector.

    Click Users > Create New Users > enter a user name.

    Ensure that Generate an access key for each user is selected.

    This configuration results in the following security credentials: Access Key ID and Secret Access Key.

    Note:

    Ensure to provide mandatory credentials for the required policy probes.

    Note:

    For more information, See Mandatory probe user privileges.

  2. Download the credentials, which you will need later when configuring a Data Collector Policy.

    These credentials are required when configuring the IT Analytics AWS Data Collector Policy. The access key and secret access key will be used by the Data Collector to make read-only requests to AWS APIs.

  3. In the IAM window, select the IAM User you just created and grant permissions by attaching the AWS-supplied ReadOnlyAccess policy.

    This read-only policy allows the Data Collector to retrieve data about EC2 resources and S3 buckets.

  4. If you want to link AWS accounts, refer to the following.

    See Link AWS accounts for Collection of consolidated billing data.

Feedback

Was this page helpful?
Previous

Select cost allocation tags

Next

Mandatory probe user privileges

Feedback

Was this page helpful?