Network Insight requires an AWS Identity and Access Management (AWS IAM) user with specific read-only permissions to access information related to AWS entities and flow logs.

About this task

This procedure describes how to create an IAM user for Network Insight with access to all the regions and their Virtual Private Clouds (VPCs). An IAM user is used to register the AWS data source in Network Insight.


  1. Log in to the AWS console with an account that has IAM user creation rights, and then navigate to the IAM service.

  2. Select Users in the left column, and click Add User.

  3. Perform the following steps on the Add user screen:

    1. Enter a user name.
    2. Under Select AWS Access Type, select Programmatic access.
    3. Click Next: Permissions.
  4. Go to the next page to set permissions for the user, and choose Attach existing policies directly.

  5. Search for the AmazonEC2ReadOnlyAccess and CloudWatchLogsReadOnlyAccess policies.
  6. Note the newly created user's access key and secret key that are required for registering the AWS account as a data source in Network Insight.
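
The same procedure can be scripted with the AWS CLI. The following is an added example, not part of the original procedure: it creates the user, attaches the two policies from step 5, confirms that no other managed policy is attached, and then issues the access key. The AWS_CLI override, the NI_USER variable and the function names are assumptions of this example.

```bash
#!/bin/sh
# Added example: AWS CLI equivalent of the console steps above.
# AWS_CLI may be overridden (assumption of this example) to wrap or stub the CLI.
AWS_CLI="${AWS_CLI:-aws}"

# The two AWS managed policies named in step 5.
NI_POLICIES="arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess
arn:aws:iam::aws:policy/CloudWatchLogsReadOnlyAccess"

# Steps 2-5: create the user and attach only the two read-only policies.
create_ni_user() {
    user="$1"
    "$AWS_CLI" iam create-user --user-name "$user" >/dev/null || return 1
    for arn in $NI_POLICIES; do
        "$AWS_CLI" iam attach-user-policy --user-name "$user" \
            --policy-arn "$arn" || return 1
    done
}

# Return 0 only if the directly attached managed policies are exactly the two
# above. Inline policies and group memberships are not covered by this check.
check_ni_user() {
    user="$1"
    attached=$("$AWS_CLI" iam list-attached-user-policies --user-name "$user" \
        --query 'AttachedPolicies[].PolicyArn' --output text | tr '\t' '\n' | sort)
    expected=$(printf '%s\n' "$NI_POLICIES" | sort)
    [ "$attached" = "$expected" ]
}

# Step 6: issue the access key. The secret access key is returned only at
# creation time, so capture this output in a secrets store, not a log.
create_ni_key() {
    "$AWS_CLI" iam create-access-key --user-name "$1" \
        --query 'AccessKey.[AccessKeyId,SecretAccessKey]' --output text
}

# Runs only when NI_USER is set, e.g.
#   NI_USER=network-insight-ro sh create_ni_user.sh   (constructed names)
if [ -n "${NI_USER:-}" ]; then
    create_ni_user "$NI_USER" && check_ni_user "$NI_USER" && create_ni_key "$NI_USER"
fi
```
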