One Identity Safeguard for Privileged Passwords can manage cloud platform accounts such as Amazon Web Services (AWS).
Before you add cloud platform accounts to SPP, you must first add an asset with which to associate the accounts. For more information, see Preparing Amazon Web Services platforms.
To add a cloud platform account
- Navigate to Asset Management > Assets.
- Click New Asset from the toolbar.
-
In the General tab:
- Name: Enter an asset name that is meaningful to you, such as "Cloud Account Server" which you can use to manage all cloud platform accounts.
- (Optional) Description: Enter a description for the asset.
-
In the Connection tab:
- Platform: Select the appropriate product, such as Amazon Web Services.
- Version: For Amazon Web Services, select the version.
- Architecture: Enter the product's system architecture.
- Network Address: For Amazon Web Services, enter the AWS Account ID or Alias which can be found on the AWS IAM User's view.
- Authentication type: Select one of the following:
-
Access Key to authenticate to the asset using an access key. Enter the following information:
- Service Account Name: Enter the configured IAM service account.
- Access Key ID: Enter the Access Key ID created for the IAM service account.
- Secret Key: Enter the Secret Key created for the IAM service account.
- None to not authenticate to the asset and manually manage the asset.
-
- Click OK to save.
Once you add the cloud platform asset, you can associate accounts with it.
To add an account to the cloud platform
- In Assets, select the cloud platform asset and switch to the Accounts tab.
- Click New Account from the details toolbar.
- In the Name field on the General tab, enter the cloud platform account username, email address, or phone number.
- (Optional) Enter a Description.
- On the Management tab, ensure the Enable Password Request option is checked.
- Click Browse to select a profile to govern this account.
- Click Add Account.
- Click OK to save.
Now you can manually check, change, or set the cloud platform account password; and, SPP can automatically manage the password according to the Check and Change settings in the profile governing the account.
To check out the cloud platform account
- Add a cloud platform Account Group and add the accounts to the group.
- Add an entitlement for the cloud platform accounts.
- Add users to the entitlements.
- Add a password release policy to the entitlement.
- Add the cloud platform Account Group to the scope of the policy.