Set up credentials for Amazon S3
Step 1: Create an IAM policy
- Open AWS Management Console.
- Choose IAM > Policy, and choose Create Policy.
- Create a policy. You can follow the example below to use an IAM policy statement with minimum permissions, and change <your-bucket-name> in the policy statement accordingly.
Note
For S3 buckets in AWS China Regions, make sure you also use arn:aws-cn:s3::: instead of arn:aws:s3:::.
Policy for source bucket
Policy for destination bucket
To enable S3 Delete Event, you need to add the "s3:DeleteObject" permission to the policy.
Data Transfer Hub has native support for S3 source buckets that have SSE-S3 and SSE-KMS enabled. If your source bucket has SSE-CMK enabled, replace the source bucket policy with the policy for S3 SSE-KMS.
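The following Python code is an added example, not part of the Data Transfer Hub documentation. It builds a policy scoped to a single source or destination bucket, switches to the arn:aws-cn partition for AWS China Regions, optionally adds s3:DeleteObject, and flags statements that are wider than one bucket. The action lists, the function names and the bucket name example-dth-source are assumptions made for illustration.

```python
import json

# Assumed minimal action sets (illustrative, not copied from the Data Transfer Hub docs).
BUCKET_ACTIONS = {
    "source": ["s3:ListBucket"],
    "destination": ["s3:ListBucket", "s3:ListBucketMultipartUploads"],
}
OBJECT_ACTIONS = {
    "source": ["s3:GetObject"],
    "destination": ["s3:PutObject", "s3:AbortMultipartUpload",
                    "s3:ListMultipartUploadParts"],
}

def build_policy(bucket, role, china_region=False, delete_events=False):
    """Return an IAM policy dict scoped to one bucket."""
    if role not in BUCKET_ACTIONS:
        raise ValueError("role must be 'source' or 'destination'")
    # Reject an unreplaced <your-bucket-name> placeholder or a wildcard name.
    if not bucket or any(c in bucket for c in "*?/<>"):
        raise ValueError(f"not a concrete bucket name: {bucket!r}")
    partition = "aws-cn" if china_region else "aws"
    arn = f"arn:{partition}:s3:::{bucket}"
    object_actions = list(OBJECT_ACTIONS[role])
    if delete_events:  # only needed when S3 Delete Event is enabled
        object_actions.append("s3:DeleteObject")
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "BucketLevel", "Effect": "Allow",
             "Action": BUCKET_ACTIONS[role], "Resource": arn},
            {"Sid": "ObjectLevel", "Effect": "Allow",
             "Action": object_actions, "Resource": f"{arn}/*"},
        ],
    }

def overbroad(policy):
    """List (Sid, reason) for statements wider than a single bucket."""
    findings = []
    for st in policy["Statement"]:
        actions = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
        if any(a in ("*", "s3:*") for a in actions):
            findings.append((st.get("Sid"), "wildcard action"))
        resources = st["Resource"] if isinstance(st["Resource"], list) else [st["Resource"]]
        if any(r == "*" or r.endswith(":::*") for r in resources):
            findings.append((st.get("Sid"), "resource not limited to a bucket"))
    return findings

if __name__ == "__main__":
    print(json.dumps(build_policy("example-dth-source", "source"), indent=2))
```

Running the file prints the source-bucket policy as JSON, which can be pasted into the JSON tab of the Create Policy page.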
Step 2: Create a user
- Open AWS Management Console.
- Choose IAM > User, and choose Add User to follow the wizard to create a user with credentials.
- Specify a user name, for example, dth-user.
- For Access Type, select Programmatic access only and choose Next: Permissions.
- Select Attach existing policies directly, search for and select the policy created in Step 1, and choose Next: Tags.
- Add tags if needed, and choose Next: Review.
- Review the user details, and choose Create User.
- Make sure you have copied or saved the credentials, and then choose Close.