Creating Credentials for AWS Integration


BMC TrueSight Pulse's direct integration to Amazon Web Services (AWS) collects and displays metrics from AWS CloudWatch. To get started you must have credentials that provide the proper privileges so that TrueSight Pulse can extract and display metrics from the cloud services you deploy.

The principle of least privilege dictates that a user, process, or program must be able to access only the information and resources that are necessary. This article describes how to configure your AWS account using this principle, to generate the minimal access credentials required to integrate your AWS account with TrueSight Pulse.

AWS provides Identity and Access Management (IAM) service, which allows customers to manage user and permissions in AWS. If you are unfamiliar with this service, please visit for additional details. Instructions that follow assume that you have a basic understanding of IAM.

Creating IAM Credentials for BMC TrueSight Pulse

A pair of keys (Access Key ID and Secret Access Key) are required to provide access to BMC TrueSight Pulse to extract and display data from AWS CloudWatch. The steps that follow provide instructions on how to generate the required keys.


Before getting started the following items are required:

  • Existing AWS Account
  • Required credentials to login to the AWS account.
  • Sufficient privileges to modify the IAM service details.


The high-level steps required to complete the generation of the keys are as follows:

  1. Login - Gain access to the AWS console with your credentials
  2. Create a User - Generate a new user, the keys will be associated with this user.
  3. Create a Group - Generate a group and associate a policy that grants the permissions to allow BMC TrueSight Pulse to extract and display metrics.
  4. Assign the User to the Group - Associates the group that has require permissions with the user that has the required keys.


  1. Sign in to the AWS Management Console and open the IAM console at
  2. The IAM dashboard should be displayed.

Create a User

This step will create a truesight user that will have the keys that are required.

  1. From the left hand menu bar select Users. The User editor will be displayed.

  1. Click on the Create New Users button
  2. In the first field of Enter User Names type: truesight
  3. Leave the checkbox Generate an access key for each user selected.

  1. Click on the Create button.
  2. Click on the Download Credentials button to save the credentials (Access Key ID and Secret Access Key) to a file.

  1. Click close in the lower right corner.

Create a Group

This step will generate a new group and assign the required permissions to the group via a policy.

  1. From the left hand menu bar select Groups. The Group editor is displayed.

  1. Click the button Create New Group button.
  2. In the Group Name field type: Truesight.

  1. Click on the button Next Step in the lower right corner.
  2. Scroll down the list and check the box next to the item with a Policy Name of CloudWatchReadOnlyAccess.
  3. Click on the button Next Step in the lower right corner.

  1. Click on the Create Group button which returns to the Groups editor.

Assign the User to the Group

Associates the truesight user with the Truesight group, so that the truesight user has the require permissions.

  1. Check box next to the line entry Truesight.
  2. Click on the Group Actions button which displays a drop down and select the Add Users to Group.
  3. Click the check box next to truesight.
  4. Click on the Add Users button in the lower right.

Use Keys in Pulse AWS Integration

The Access Key ID and Secret Access Key are contained in the file downloaded from step 6 from Create a User. These keys can now be used to configure the BMC TrueSight Pulse integration to AWS. For more information on configuring the integration, see Integrating with AWS.

Have more questions? Submit a request