Creating policy for AWS S3

Regardless of which setup you choose (IAM User or STS), you will need to set up a policy that grants the user or role access to scan the S3 buckets.

In addition, to fully enable incremental scanning, you will need to set up a Simple Queue Service (SQS) queue for each region that contains an S3 bucket.