Our organization is setting up the S3 plugin for InsightConnect for the first time. We’ve found that, although there’s an optional setting for IAM Role, the configuration still requires IAM User. We do not allow IAM User unless absolutely required because IAM User principals require secret/access keys (credentials) to be transferred and/or stored, require rotation, and are against AWS best practices. IAM Roles are preferred because it eliminates the need to use secret/access keys, thus eliminating the negative aspects of using that principal type.
Are we misunderstanding how to configure the AWS S3 Plugin for InsightConnect, or is an IAM User truly required? If the latter, is it on the roadmap to develop proper AWS IAM support in the future?