A server might contain resources that only authorized users can access. To access a protected resource, you must provide valid credentials before you can use the services of that resource. Similarly, on the AWS platform, only users with the required permissions can access and use AWS services. AWS Identity and Access Management (IAM) is the mechanism for securing access to your resources on AWS.
The two types of IAM identities are as follows:
IAM user: An IAM user is an entity that represents a user on AWS. To access resources or services on AWS, the IAM user must be granted permissions for those resources. By default, you have to set up all required permissions for a user yourself. Each IAM user can have its own defined policies, so an IAM user account is useful when a user needs specific permissions or privileges.
For more information about creating an IAM user, refer to the following link:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html
An IAM user accesses AWS services from a Protegrity appliance instance by using access keys. Access keys are the credentials that authenticate AWS CLI requests. You can generate access keys when you create the IAM user account. Like a username and password, an access key consists of an access key ID and a secret access key; together they validate the user to the AWS services the user is permitted to use.
For more information about setting up an IAM user to use AWS Configure, refer to AWS Configure.
IAM role: An IAM role is an identity in your AWS account with specific permissions attached to it. The defined permissions and privileges of a role can be shared by multiple IAM users. For users that need the same permissions to access AWS services, associate an IAM role with the user account rather than assigning the permissions to each user individually.
If you want a Protegrity appliance instance to use AWS resources, the instance must be granted the required privileges. This is achieved by attaching an IAM role to the instance; the role must have the required privileges to access the AWS resources.
For more information about creating an IAM role, refer to the following link:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create.html
For more information about IAM, refer to the following link:
https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html
AWS Configure is the operation that configures an IAM user's credentials on the Protegrity appliance instance so that the appliance can access AWS services such as CloudWatch, CloudTrail, and S3 buckets.
If you are using an IAM user, you must set up AWS Configure before the appliance can use AWS resources and services.
To set up AWS Configure on a non-AWS instance, such as an on-premises, Microsoft Azure, or GCP instance, you must have the following:
A valid IAM User
Secret key associated with the IAM User
Access key ID for the IAM User
The AWS Region to which service requests are sent by default
For more information about the default region name, refer to the following link:
https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html
If the access keys or the IAM role do not have the required privileges, the user cannot use the corresponding AWS resources.
For AWS Configure, only one IAM user can be configured for an appliance at a time.
Below are instructions for configuring AWS services.
It is recommended to configure the AWS services from the Tools > Cloud Utility AWS Tools > AWS Configure menu.
On the Appliance Web UI, ensure that the AWS Admin privilege is assigned to the role of the user who will configure AWS on a non-AWS instance.
To configure the AWS services:
Log in to the Appliance CLI Manager.
To configure the AWS services, navigate to Tools > Cloud Utility AWS Tools > AWS Configure.
Enter the root credentials.
The following screen appears.
Select Edit and press ENTER.
Enter the AWS credentials associated with your IAM user in the AWS Access Key ID and AWS Secret Access Key text boxes.
Enter the region name in the Default Region Name text box. This field is case sensitive; ensure that the value is entered in lowercase.
For more information about the default region name, refer to the following link:
https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html
Enter the output format in the Default Output Format text box. This field is case sensitive; ensure that the value is entered in lowercase.
If the field is left empty, the default output format is json. The supported output formats are json, table, and text.
For more information about the default output format, refer to the following link:
https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html
Select OK and press ENTER.
A validation screen appears.
Select OK and press ENTER.
A confirmation screen appears.
Select OK.
The configurations are applied successfully.
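As an added example (not Protegrity's own code), the following POSIX shell script applies the same input checks as the AWS Configure screen above: it rejects a region that is not lowercase, accepts only json, table, or text as the output format (falling back to json when the field is empty), and writes the equivalent AWS CLI profile files with owner-only permissions so the secret access key is never left world-readable. The AWS_CFG_DIR variable and the sample key values are assumptions used only for illustration.

```shell
#!/bin/sh
# Added example, not Protegrity's code: validate the AWS Configure inputs
# and write the equivalent AWS CLI profile files (~/.aws/config and
# ~/.aws/credentials) so the secret never lands in a world-readable file.
# AWS_CFG_DIR is an assumed override of the target directory, used for tests.

# Return 0 if REGION is lowercase and shaped like "us-east-1".
valid_region() {
    printf '%s' "$1" | grep -Eq '^[a-z]{2}(-[a-z]+)+-[0-9]+$'
}

# Return 0 if FORMAT is json, table or text. An empty value is accepted
# because the appliance falls back to json when the field is left blank.
valid_output_format() {
    case "$1" in
        ""|json|table|text) return 0 ;;
        *) return 1 ;;
    esac
}

# write_aws_profile KEY_ID SECRET REGION [FORMAT]
# Validates the inputs, then writes the [default] profile. The credentials
# file is created with mode 0600 and the directory with mode 0700.
write_aws_profile() {
    key_id=$1; secret=$2; region=$3; fmt=${4:-json}
    if [ -z "$key_id" ] || [ -z "$secret" ]; then
        echo "access key ID and secret access key are required" >&2; return 1
    fi
    valid_region "$region" || { echo "region must be lowercase, e.g. us-east-1" >&2; return 1; }
    valid_output_format "$fmt" || { echo "output format must be json, table or text" >&2; return 1; }
    dir=${AWS_CFG_DIR:-$HOME/.aws}
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    # Set the umask in a subshell so the restrictive mask does not leak to the caller.
    (
        umask 077
        printf '[default]\nregion = %s\noutput = %s\n' "$region" "$fmt" > "$dir/config"
        printf '[default]\naws_access_key_id = %s\naws_secret_access_key = %s\n' \
            "$key_id" "$secret" > "$dir/credentials"
    ) || return 1
    chmod 600 "$dir/credentials"
}

# Example call (constructed placeholder values, not real credentials):
#   AWS_CFG_DIR=/tmp/aws-demo write_aws_profile AKIAEXAMPLEKEY000000 'EXAMPLE/SECRET' us-east-1 table
```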