Configure AWS IAM for CSM
Before you can connect to the AWS API, you will need to set up a pair of access keys in your AWS account.
Your specific AWS account should be set up according to your organization's security policies and AWS best practices. For CSM to connect via the AWS API, you must create access keys for use by the application. This can be done using a single key pair to connect for the organization, or it can be done on a user level. This mApp® Solution assumes the organization will use a single key pair for the entire organization, and rotate that key on an appropriate schedule.
Note: Make sure that the Identity and Access Management (IAM) user for
which you generate these keys has the following permissions:
- AWSServiceCatalogAdminReadOnlyAccess
- AmazonS3ReadOnlyAccess
- AmazonEC2ReadOnlyAccess
Access for individual CSM users is granted through CSM. Individual customers should belong to a department, and departments should be granted access to an AWS Portfolio. For more information, see Grant AWS Account Access to CSM Users or Add Departments to the AWS Portfolio Supporting Object.
Note: Make sure that the Identity and Access Management (IAM) user for
which you generated the key also has access to any portfolios in your AWS
account.
To set up AWS IAM for CSM:
- In the AWS console, navigate to AWS Identity and Access Management.
- Follow the steps outlined in Managing Access Keys for IAM Users to generate a key pair for use with this integration. Save these access keys prior to completing Add AWS Access Keys to CSM.
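Once the key pair exists, the user's setup can be checked against this page's requirements. The following is an added example, not part of the CSM documentation: it audits the parsed JSON from `aws iam list-attached-user-policies` and `aws iam list-access-keys` for the three required policies, a single active key, and key age. The 90-day rotation threshold, the flagging of extra policies, and the user name `csm-integration` are assumptions.

```python
from datetime import datetime, timezone

# The three managed policies this page requires on the integration user.
REQUIRED_POLICIES = {
    "AWSServiceCatalogAdminReadOnlyAccess",
    "AmazonS3ReadOnlyAccess",
    "AmazonEC2ReadOnlyAccess",
}
MAX_KEY_AGE_DAYS = 90  # assumption: substitute your organization's rotation schedule


def audit_integration_user(attached, keys, now):
    """Return a list of findings for the IAM user whose keys CSM uses.

    attached: parsed output of `aws iam list-attached-user-policies`
    keys:     parsed output of `aws iam list-access-keys`
    """
    findings = []
    names = {p["PolicyName"] for p in attached["AttachedPolicies"]}
    for missing in sorted(REQUIRED_POLICIES - names):
        findings.append(f"missing required policy: {missing}")
    for extra in sorted(names - REQUIRED_POLICIES):  # least-privilege check (assumption)
        findings.append(f"policy beyond the documented set: {extra}")

    active = [k for k in keys["AccessKeyMetadata"] if k["Status"] == "Active"]
    if len(active) != 1:  # the page assumes one key pair for the organization
        findings.append(f"expected 1 active key, found {len(active)}")
    for k in active:
        created = datetime.fromisoformat(k["CreateDate"].replace("Z", "+00:00"))
        age = (now - created).days
        if age > MAX_KEY_AGE_DAYS:
            findings.append(f"key {k['AccessKeyId']} is {age} days old, rotate it")
    return findings


# Constructed sample data, trimmed to the fields used (not real account output).
SAMPLE_POLICIES = {"AttachedPolicies": [
    {"PolicyName": "AmazonS3ReadOnlyAccess"},
    {"PolicyName": "AmazonEC2ReadOnlyAccess"},
    {"PolicyName": "AdministratorAccess"},
]}
SAMPLE_KEYS = {"AccessKeyMetadata": [
    {"UserName": "csm-integration", "AccessKeyId": "AKIAIOSFODNN7EXAMPLE",
     "Status": "Active", "CreateDate": "2024-01-10T12:00:00Z"},
]}

if __name__ == "__main__":
    for finding in audit_integration_user(
            SAMPLE_POLICIES, SAMPLE_KEYS, datetime(2024, 6, 1, tzinfo=timezone.utc)):
        print(finding)
```

These two commands report only managed policies attached directly to the user; permissions inherited through groups or inline policies need a separate check.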