Step 2: Create a privileged account that contains the AWS role definition or AWS policy The user of the AWS IAM account of the access key. Select the Safe where the account will be stored. Select the Amazon Web Services (AWS) Access Keys platform. In the PVWA Accounts page, click Add Account. These keys must be attached to an AWS policy that grants permission to call the AssumeRole AWS API command. This account holds the secret access key and access key ID that are used to generate the temporary credentials. This account is used as the logon account for the AWS console. Create the PSM connection component account Configure a PSM connection component for AWS Console with STS Step 1: Create a privileged account that contains the secret access key and access key ID For more information about the general parameters, see Connection Component Configuration. The AWS STS connection component uses the general parameters that are common to all connection components. Open PowerShell in C:\Program Files (x86)\CyberArk\PSM\Hardening and run the following command to start the script:įor details, see Run AppLocker rules. Save the PSMConfigureAppLocker.xml configuration file and close it. Verify that the path specified in the xml matches the browser installation path. Specifically, make sure that the following line is uncommented: In the Hardening subfolder of PSM installation folder, open the PSMConfigureAppLocker.xml configuration file and edit the AllowedApplications section:Īt the beginning of the Google Chrome processes section, remove the following line: Remove the read-only permission from the PSMConfigureAppLocker.xml file. For details about creating the account, see Create the PSM connection component account below.Ĭonfigure the AppLocker rules to enable Google Chrome Google Chrome installed on the PSM machine.Ī PSM connection account for AWS Console or AWS GovCloud Console with STS. NET Framework 4.8 must be installed on the PSM machine as well. If you are using an older version of PSM. Make sure you have met the following requirements: This PSM connector cannot run when PSM is installed on Windows that is FIPS-enabled. IAM users on AWS consoles (a trusted connector is available on the CyberArk Marketplace) Root users on AWS consoles (a trusted connector is available on the CyberArk Marketplace) This PSM connector is not supported for the following users: The PSM Connection Component for AWS Console with STS can be downloaded from the Marketplace. Once the user is connected to the AWS management console, they assume the specific AWS role and policy and can perform authorized operations on the AWS platform. The internet browser must be one of CyberArk's Web-application infrastructure supported browsers. The AWS STS connection component enables an end user to log in to the AWS platform using a secured connection from an internet browser via a PSM monitored session. PSM includes an out-of-the-box Amazon Web Services (AWS) Console connection component that integrates with AWS Secure Token Service (STS), and enables an administrator to configure accounts with specific AWS roles or policies. AWS provides AWS Security Token Service (AWS STS) as a web service that enables you to request temporary, limited-privilege credentials for AWS Identity and Access Management (IAM) users or for users that you authenticate (federated users).
0 Comments
Leave a Reply. |