Creating policy for AWS S3
Regardless of which setup you choose (IAM User or STS) you will need to setup a policy to grant the user or role access to scan the S3 buckets.
In addition, to fully enable incremental scanning, you will need to setup a Simple Queue Service (SQS) for each region that contains an S3 bucket.