Introduction
Here are instructions to create an Amazon IAM user:
- Create a user in Amazon IAM:
- Name the user. For example: cloudHQ_backup_user
- Attach a policy. You have two choices. The simple way is to attach an existing policy with full access to the bucket you will use. The more secure way is to create a custom policy that only allows access to the backup bucket.
- Alternatively, create a new policy that limits this IAM user to only the backup bucket. Use a policy with the following permissions:
- In the policy editor, select JSON and paste the following. Replace acme-backup-bucket with your bucket name.
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowGroupToSeeBucketList",
      "Effect": "Allow",
      "Action": [
        "s3:ListAllMyBuckets",
        "s3:GetBucketLocation"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Sid": "AllowBackupIntoBucket",
      "Effect": "Allow",
      "Action": [
        "*"
      ],
      "Resource": [
        "arn:aws:s3:::acme-backup-bucket/*",
        "arn:aws:s3:::acme-backup-bucket*"
      ]
    }
  ]
}
```
IMPORTANT: Replace acme-backup-bucket with your bucket name.
Note: you must include both “*” and “/*” in Resources.
- Name the policy (for example: cloudHQ_policy_for_backup_into_bucket_acme_bucket) and save it:
- Select that policy in the IAM wizard:
- After the user is created, create access keys (credentials). You will enter these in cloudHQ.
- Copy the credentials (and download them). You will enter these in cloudHQ.
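Before attaching the custom policy, it helps to check what its `Resource` patterns actually cover in your account. The script below is an added example, not cloudHQ's code: it applies IAM-style wildcard matching to the policy above and reports statements that reach beyond the intended bucket, such as the trailing `*` pattern matching any bucket whose name starts with the same string. The bucket names other than acme-backup-bucket are constructed sample values.

```python
import re

# Policy from this page (placeholder bucket name kept).
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowGroupToSeeBucketList", "Effect": "Allow",
         "Action": ["s3:ListAllMyBuckets", "s3:GetBucketLocation"],
         "Resource": ["*"]},
        {"Sid": "AllowBackupIntoBucket", "Effect": "Allow",
         "Action": ["*"],
         "Resource": ["arn:aws:s3:::acme-backup-bucket/*",
                      "arn:aws:s3:::acme-backup-bucket*"]},
    ],
}

# Constructed bucket names standing in for the rest of the account.
ACCOUNT_BUCKETS = ["acme-backup-bucket", "acme-backup-bucket-archive", "acme-logs"]


def arn_matches(pattern, arn):
    """IAM-style wildcard match: '*' is any run of characters, '?' exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, arn) is not None


def buckets_covered(resource, buckets):
    """Buckets whose bucket ARN or a sample object ARN the pattern matches."""
    return [b for b in buckets
            if arn_matches(resource, f"arn:aws:s3:::{b}")
            or arn_matches(resource, f"arn:aws:s3:::{b}/example-key")]


def review(policy, intended, buckets):
    """Return (sid, finding) pairs for Allow statements that go beyond `intended`."""
    findings = []
    for st in policy["Statement"]:
        if st["Effect"] != "Allow":
            continue
        if "*" in st["Action"]:
            findings.append((st["Sid"], "Action is *"))
        for res in st["Resource"]:
            extra = [b for b in buckets_covered(res, buckets) if b != intended]
            if extra:
                findings.append((st["Sid"], f"{res} also covers {', '.join(extra)}"))
    return findings


if __name__ == "__main__":
    for sid, finding in review(POLICY, "acme-backup-bucket", ACCOUNT_BUCKETS):
        print(f"{sid}: {finding}")
```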