Prerequisites
Create a user in IAM console:
- Sign in to your AWS Management console and open the IAM console.
- In the navigation menu, select Users, and then click Add users.
- Enter the User name for the new user, and click Next.
- On the Set permissions page, select Attach policies directly.
- Find and attach the following policies to this user:
- AmazonFSxConsoleReadOnlyAccess policy
- CloudWatchReadOnlyAccess policy
- Click Next.
Review your choices and click Create user.
- Once the user is created, select the user and click the Security credentials tab.
- On the Access keys panel, click Create access key, select Other as your use case, and click Next.
- Set a suitable description tag value if required and click Create access key.
Once the key is created, you can view the user's Access key and the Secret access key. Copy them to your clipboard as you will need them when configuring Amazon FSx in ADAudit Plus, and click Done.
Enable file access auditing on the Amazon FSx file system:
- Open the Amazon FSx console.
- Navigate to File systems and select the Windows file system for which you want to enable auditing.
- Select the Administration tab.
On the File Access Auditing panel, click Manage.
- On the Manage file access auditing settings dialog, enable logging of both successful and failed attempts for Log access to files and folders and Log access to file shares.
- Select CloudWatch Logs as your audit log destination and then choose the default log stream, /aws/fsx/windows.
Click Save.
From the navigation bar on the top, click the region list to the left of your account information and note the region code. For example: us-west-1. You will need this later when configuring Amazon FSx in ADAudit Plus.
