
Connect AWS S3

This guide walks you through connecting an AWS S3 bucket to Slim.io for scanning.

Time required: 5–10 minutes

Prerequisites:

  • AWS Console access with IAM permissions
  • An S3 bucket you want to scan
  • Slim.io Customer Dashboard access

Step 1: Start the Connector Wizard

  1. Log in to the Slim.io Customer Dashboard at /dash/.
  2. Navigate to Connectors in the sidebar.
  3. Click Add Connector.
  4. Select Amazon Web Services.

The wizard displays the Slim.io AWS Account ID and a generated External ID. Keep these values visible — you will need them in the next step.

Step 2: Create an IAM Role in AWS

  1. Open the AWS IAM Console.
  2. Navigate to Roles > Create role.
  3. Select Another AWS account as the trusted entity type.
  4. Enter the Slim.io AWS Account ID from the wizard.
  5. Check Require external ID and paste the External ID from the wizard.
  6. Click Next: Permissions.

Step 3: Attach the Permission Policy

  1. Click Create policy (opens a new tab).
  2. Select the JSON tab and paste:
     {
       "Version": "2012-10-17",
       "Statement": [
         {
           "Effect": "Allow",
           "Action": [
             "s3:GetObject",
             "s3:ListBucket",
             "s3:GetBucketLocation"
           ],
           "Resource": [
             "arn:aws:s3:::YOUR_BUCKET_NAME",
             "arn:aws:s3:::YOUR_BUCKET_NAME/*"
           ]
         }
       ]
     }
  3. Replace YOUR_BUCKET_NAME with your actual bucket name.
  4. Name the policy (e.g., SlimIOScannerPolicy) and create it.
  5. Return to the role creation tab, refresh the policy list, and select the new policy.
  6. Click Next: Review.

Step 4: Name and Create the Role

  1. Name the role (e.g., SlimIOScannerRole).
  2. Review the trust policy and permissions.
  3. Click Create role.
  4. Open the new role and copy its ARN (e.g., arn:aws:iam::123456789012:role/SlimIOScannerRole).

Step 5: Complete the Connector in Slim.io

  1. Return to the Slim.io connector wizard.
  2. Paste the Role ARN.
  3. Select the AWS Region where your bucket is located.
  4. Optionally, add bucket name filters or prefix restrictions.
  5. Click Test Connection.

The test verifies that Slim.io can assume the IAM role and list objects in the target bucket. If it succeeds, you will see a green “Connected” status with the number of discoverable objects.

Step 6: Verify

After the connector shows Active status:

  • The connector appears in your Connectors list with the AWS provider icon
  • You can trigger a scan immediately by clicking the Scan button
  • The connector’s last scan time, finding count, and risk score update after each scan

Troubleshooting

| Issue | Solution |
| --- | --- |
| “Access Denied” | Verify the Role ARN, External ID, and trust policy account ID match exactly |
| “Bucket not found” | Check bucket name spelling and ensure it exists in the specified region |
| “Insufficient permissions” | Ensure s3:ListBucket is granted on the bucket resource (not just s3:GetObject on objects) |
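
An offline check for the “Access Denied” and “Insufficient permissions” entries above, added here as an example (it is not Slim.io's code): it inspects the role's trust policy and permission policy, given as Python dicts that mirror the JSON documents. The account ID and External ID are constructed placeholders, the function names are hypothetical, and matching is by exact string with no IAM wildcard evaluation.

```python
READ_ONLY = {"s3:GetObject", "s3:ListBucket", "s3:GetBucketLocation"}  # the guide's policy

def _list(value):
    return value if isinstance(value, list) else [value]

def check_trust(policy, account_id, external_id):
    """Problems in a role trust policy, given the wizard's account ID and External ID."""
    expected = {account_id, f"arn:aws:iam::{account_id}:root"}
    problems, seen = [], False
    for st in _list(policy.get("Statement", [])):
        if st.get("Effect") != "Allow" or "sts:AssumeRole" not in _list(st.get("Action", [])):
            continue
        seen = True
        principal = st.get("Principal", {})
        aws = _list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        if not aws or any(p not in expected for p in aws):
            problems.append(f"principal {aws} is not exactly account {account_id}")
        got = st.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if got != external_id:
            problems.append("sts:ExternalId condition missing or not the wizard value")
    return problems if seen else ["no Allow statement for sts:AssumeRole"]

def check_permissions(policy, bucket):
    """Missing grants, plus any action beyond the guide's three read-only ones."""
    arn = f"arn:aws:s3:::{bucket}"
    needed = {("s3:ListBucket", arn), ("s3:GetBucketLocation", arn), ("s3:GetObject", arn + "/*")}
    granted, problems = set(), []
    for st in _list(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        for action in _list(st.get("Action", [])):
            if action not in READ_ONLY:
                problems.append(f"{action} is broader than the guide's read-only policy")
            granted.update((action, res) for res in _list(st.get("Resource", [])))
    problems += [f"{a} not granted on {r}" for a, r in sorted(needed - granted)]
    return problems

# Constructed samples (placeholder account ID and External ID, not real Slim.io values).
# OBJECTS_ONLY is a policy that grants s3:GetObject but omits the bucket-level actions.
TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE-EXTERNAL-ID"}}}]}
OBJECTS_ONLY = {"Statement": [{"Effect": "Allow", "Action": "s3:GetObject",
                               "Resource": "arn:aws:s3:::YOUR_BUCKET_NAME/*"}]}

if __name__ == "__main__":
    print(check_trust(TRUST, "111122223333", "EXAMPLE-EXTERNAL-ID"))
    print(check_permissions(OBJECTS_ONLY, "YOUR_BUCKET_NAME"))
```

An empty list means the document matches what the guide sets up; each string names one mismatch to fix in the IAM console.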
