# Create a New AWS User and AWS API Credentials

#### Step 1:

* Log into the AWS Management Console using an Admin account.
* In the search field next to the **Services** drop-down menu, type **IAM** and then select the **IAM** service from the drop-down menu.

![](/files/pqjMg5ADjevEHsvYwKhq)

#### Step 2:

* In the **IAM** dashboard, under **Access Management** (in the left column), select **Users**.

  ![](/files/3rJns62RyPvnQFq2CNBD)
* On the **Users** page, select **Add users** in the upper-right corner.

![](/files/SYMQ5wnPPd90xZdva9nI)

* In the **Add user** pop-up, in **User name**, enter **EIPCollector**.
* For **Access type**, select the **Programmatic access** check box.
* Select **Next: Permissions**.

![](/files/ktaRK2afAZynXaeV8tSe)

### Add Necessary Permission Policies

#### Step 3:

* Under the **Set permissions** drop-down, select **Attach existing policies directly**.

![](/files/O5u7F17Tok1MKyuuPfZM)

* Select **Create policy** to create a custom policy.

![](/files/2lrKJewxKc088UQGY1da)

* In the **Create policy** pop-up, on the **Visual editor** tab, for **Service**, select **Network Firewall**, and then select **Read Only Actions**.
* For **Resources**, select **Specific** and select the **Any in this account** check box for **Firewall** and **FirewallPolicy**.
* There are no **Request conditions** to complete. Proceed to the next step.

![](/files/2HS4NDDxO7vwfGjt1kBg)

* No action is needed for the **Add tags** section unless it is necessary for the customer organization. Proceed to the **Review** page.

![](/files/DxvbuhI4VhAHEAzRdKu5)

* Create a **Name** and **Description** for the new policy. A recommended name and description are found in the image below.
* Select **Create**.

![](/files/p6bjtqla3ZuH3XAFOvP2)

#### Step 4:

* In the **Filter policies** search field, type **SecurityAudit** and select **SecurityAudit** from the results. Repeat this procedure for **AmazonVPCReadOnlyAccess**, **AWSNetworkManagerReadOnlyAccess**, and the new custom **NetworkFirewallReadOnly** policy. No **Permission boundary** is needed.
* Select **Next: Tags**.

![](/files/Dc81l8Hmx53j83Vzqp94)

* No action is needed for the **Add tags** section unless it is necessary for the customer organization.
* Proceed to the **Review** page.

![](/files/4zxv6bddCxTsU3gbp4sD)

* Review the new user and ensure it has the needed traits, as shown in the image below.
* Select **Create user**.

![](/files/YcJRsm836vREF1NJtcfX)

#### Step 5:

* At the final stage of creating a new user, a success message displays. Under the success message, the newly generated **Access key ID** and **Secret access key** appear. Copy them and store them in a secure location.

![](/files/Kivi3pfFIRMMYevjKInV)

{% hint style="warning" %}
Please note that if you do not copy and store the newly generated credentials, they will not be visible later and you will need to create new credentials.
{% endhint %}
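
To confirm afterwards that **EIPCollector** carries only the policies attached in Steps 3 and 4, the following added example (not part of the original documentation) checks saved output of `aws iam list-attached-user-policies --user-name EIPCollector` and the custom policy document. The sample data is constructed, and treating `Describe`/`List`/`Get` action names as read-only is an assumption.

```python
import json

# Policies the page attaches in Steps 3 and 4.
EXPECTED_POLICIES = {"SecurityAudit", "AmazonVPCReadOnlyAccess",
                     "AWSNetworkManagerReadOnlyAccess", "NetworkFirewallReadOnly"}
# Assumption: read-only actions are recognised by name prefix, a heuristic
# rather than AWS's own access-level classification.
READ_PREFIXES = ("Describe", "List", "Get")

def as_list(value):
    """IAM accepts a single item or a list for Statement and Action."""
    return value if isinstance(value, list) else [value]

def audit_attachments(attached):
    """Compare list-attached-user-policies output with the page's policy set."""
    names = {p["PolicyName"] for p in attached["AttachedPolicies"]}
    return {"missing": sorted(EXPECTED_POLICIES - names),
            "unexpected": sorted(names - EXPECTED_POLICIES)}

def non_read_actions(policy_doc, service="network-firewall"):
    """Return allowed actions in the custom policy that are not read-only."""
    findings = []
    for stmt in as_list(policy_doc["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:  # allows everything except the listed actions
            findings.append("NotAction")
            continue
        for action in as_list(stmt.get("Action", [])):
            svc, _, name = action.partition(":")
            if svc != service or not name.startswith(READ_PREFIXES):
                findings.append(action)
    return findings

# Constructed sample input (not taken from a real account).
SAMPLE_ATTACHED = json.loads("""{"AttachedPolicies": [
  {"PolicyName": "SecurityAudit", "PolicyArn": "arn:aws:iam::aws:policy/SecurityAudit"},
  {"PolicyName": "AmazonVPCReadOnlyAccess", "PolicyArn": "arn:aws:iam::aws:policy/AmazonVPCReadOnlyAccess"},
  {"PolicyName": "AdministratorAccess", "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}]}""")
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Resource": "*",
    "Action": ["network-firewall:DescribeFirewall", "network-firewall:ListFirewalls",
               "network-firewall:DeleteFirewall", "network-firewall:*"]}}

if __name__ == "__main__":
    print(audit_attachments(SAMPLE_ATTACHED))
    print(non_read_actions(SAMPLE_POLICY))
```

An empty `missing`, `unexpected` and findings list means the user matches what this page sets up.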


