Setting up Amazon Fraud Detector - Amazon Fraud Detector

Setting up Amazon Fraud Detector

Before using Amazon Fraud Detector, you must have an Amazon Web Service (AWS) account. After you have an AWS account, you can access Amazon Fraud Detector console, the AWS Command Line Interface (AWS CLI), or the AWS SDKs.

After you complete these steps, see Get started (console) to continue getting started with Amazon Fraud Detector.

Sign up for AWS

When you sign up for Amazon Web Services (AWS), your AWS account is automatically signed up for all services in AWS, including Amazon Fraud Detector. You are charged only for the services that you use. If you have an AWS account already, skip to the next task. If you don't have an AWS account, use the following procedure to create one.

To create an AWS account

  1. Open https://aws.amazon.com and then choose Create an AWS Account.

  2. Follow the on-screen instructions to complete the account creation. Note your 12-digit AWS account number.

Setting up permissions

To use Amazon Fraud Detector, you have to set up permissions that allow access to the Amazon Fraud Detector console and API operations. You also have to allow Amazon Fraud Detector to perform tasks on your behalf and to access resources that you own.

We recommend creating an AWS Identify and Access Management (IAM) user with access restricted to Amazon Fraud Detector operations and required permissions. You can add other permissions as needed.

The following policies provide the required permission to use Amazon Fraud Detector:

  • AmazonFraudDetectorFullAccessPolicy

    Allows you to perform the following actions:

    • Access all Amazon Fraud Detector resources

    • List and describe all model endpoints in SageMaker

    • List all IAM roles in the account

    • List all Amazon S3 buckets

    • Allow IAM Pass Role to pass a role to Amazon Fraud Detector

  • AmazonS3FullAccess

    Allows full access to Amazon S3. This is required if you need to upload training datasets to S3.

Create an IAM user and assign required permissions

The following describes how to create an IAM user and assign the needed permissions.

To create an IAM user and assign required permissions

  1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.

  2. In the navigation pane, choose Users and then choose Add user.

  3. For User name, enter AmazonFraudDetectorUser.

  4. Select the AWS Management Console access check box, and then configure the user’s password.

  5. (Optional) By default, AWS requires the new user to create a new password when first signing in. You can clear the check box next to User must create a new password at next sign-in to allow the new user to reset their password after they sign in.

  6. Choose Next: Permissions.

  7. Choose Create group.

  8. For Group name enter AmazonFraudDetector Group.

  9. In the policy list, select the check box for AmazonFraudDetectorFullAccessPolicy and AmazonS3FullAccess. Choose Create group.

  10. In the list of groups, select the check box for your new group. Choose Refresh if necessary to see the group in the list.

  11. Choose Next: Tags.

  12. (Optional) Add metadata to the user by attaching tags as key-value pairs. For more information about using tags in IAM, see Tagging IAM Users and Roles.

  13. Choose Next: Review to see the User details and Permissions summary for the new user. When you are ready to proceed, choose Create user.