Chipper Access

Before Chipper can read logs from your S3 bucket, you need to create AWS IAM credentials with appropriate permissions. This one-time setup allows Chipper to securely access your log files.

---

What You'll Need

• AWS account with S3 and IAM access
• An S3 bucket containing your log files
• Permissions to create IAM users and policies

---

Step 1: Create an IAM User

1. Navigate to IAM Console

   • Log into AWS Console
   • Go to IAM (Identity and Access Management)

2. Create New User

   • Click "Users" in the left sidebar
   • Click "Create user"
   • Enter a username (e.g., chipper-log-reader)
   • Click Next

---

Step 2: Set Permissions

You have two options for granting permissions:

Option A: Use AWS Managed Policy (Simplest)

1. Select "Attach policies directly"
2. Search for and select "AmazonS3ReadOnlyAccess"
3. Click Next → Create user

Note: This grants read access to ALL S3 buckets in your account. For production use, consider Option B for tighter security.

Option B: Create Custom Policy (Recommended)

1. Select "Attach policies directly"
2. Click "Create policy"
3. Switch to the JSON tab
4. Paste the following policy:

{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Effect": "Allow",
			"Action": ["s3:GetObject", "s3:ListBucket"],
			"Resource": [
				"arn:aws:s3:::YOUR-BUCKET-NAME",
				"arn:aws:s3:::YOUR-BUCKET-NAME/*"
			]
		}
	]
}

5. Replace YOUR-BUCKET-NAME with your actual S3 bucket name
6. Click Next → Enter a policy name (e.g., ChipperS3ReadPolicy)
7. Click Create policy
8. Go back to the user creation, refresh the policy list, and select your new policy
9. Click Next → Create user

---

Step 3: Generate Access Keys

1. Open the Created User

   • Click on the username you just created
   • Go to the Security credentials tab

2. Create Access Key

   • Scroll to Access keys section
   • Click "Create access key"
   • Select "Third-party service" as the use case
   • Click Next → Create access key

3. Save Your Credentials

   • Copy the Access Key ID (starts with AKIA...)
   • Copy the Secret Access Key (long random string)

   ⚠️ Important: The Secret Access Key is only shown once. Save it securely - you'll need both values for Chipper configuration.

---

What's Next?

Now that you have your credentials, you can:

• Set up Pull (Automated Polling) - Chipper checks for new files every hour
• Set up Push (Event Notifications) - Get instant notifications when files are uploaded (recommended for faster ingestion)

---

Troubleshooting

Access Denied Errors

Symptom: Chipper can't list or read files from your bucket

Solutions:

• Verify both resource ARNs in your IAM policy match your bucket name exactly:
  • arn:aws:s3:::your-bucket-name (for listing)
  • arn:aws:s3:::your-bucket-name/* (for reading)
• Check that s3:GetObject AND s3:ListBucket are both allowed
• Ensure the IAM user has the policy attached

Invalid Credentials

Symptom: Authentication errors when testing connection

Solutions:

• Verify you copied the full Access Key ID and Secret Access Key
• Check for extra spaces or line breaks when pasting
• Ensure the access key is still active (check IAM console)

---

Need Help?

If you encounter issues with AWS access setup, check:

• AWS IAM Documentation
• S3 Bucket Policies
• Contact support with your Access Key ID (never share your Secret Key!)