Configure AWS IAM for CSM

Before you can connect to the AWS API, you will need to set up a pair of access keys in your AWS account.

Your specific AWS account should be set up according to your organization's security policies and AWS best practices. For CSM to connect via the AWS API, you must create access keys for use by the application. This can be done using a single key pair to connect for the organization, or it can be done on a user level. This mApp® Solution assumes the organization will use a single key pair for the entire organization, and rotate that key on an appropriate schedule.

Make sure that the Identity and Access Management (IAM) user for which you generate these keys has the following permissions:

  • AWSServiceCatalogAdminReadOnlyAccess
  • AmazonS3ReadOnlyAccess
  • AmazonEC2ReadOnlyAccess

Access to individual CSM users is granted through CSM. Individual customers should belong to a department, and departments should be granted access to an AWS Portfolio. For more information, see Grant AWS Account Access to CSM Users or Add Departments to the AWS Portfolio Supporting Object.

Make sure that the Identity and Access Management (IAM) user for which you generated the key also has access to any portfolios in your AWS account.

To set up AWS IAM for CSM:

  1. In the AWS console, navigate to AWS Identity and Access Management.
  2. Follow the steps outlined in Managing Access Keys for IAM Users to generate a key pair for use with this integration. Save these access keys prior to completing Add AWS Access Keys to CSM.