Adding a Cloud Service Provider Account for AWS
You must have created a service account in AWS before you can add a Cloud Service Provider account. For more information see Configuring AWS for Cryptographic Security Platform Vault BYOK.
Note: If you set the rotation schedule during Cloud Service Provider account creation, then the access key will be rotated immediately after the account is created. The access key used to set up the Cloud Service Provider account will be deleted.
Procedure
- Log into the Cryptographic Security Platform Vault for Cloud Keys webGUI using an account with Cloud Admin privileges.
- In the top menu bar, click CloudKeys.
- Click the CSP Accounts tab and select Actions > Add Cloud Service Provider Account.
-
On the Details tab of the Add CSP dialog box, enter the account details.
Field Description Name The name you want to use for the Cloud Service Provider Account. Description An optional description of the Cloud Service Provider Account. Admin Group
Select the Admin Group that you want to use for the account.
Type
Select AWS.
AWS Access Key ID
Enter the AWS Access Key ID.
AWS Secret Access Key
Enter the AWS Secret Access Key.
Default Region
Select the region where this Cloud Service Provider Account will be used.
-
Click Continue.
-
On the Schedule tab, determine the rotation schedule for the access keys. This can be one of the following:
- Never—The access keys will never be rotated.
- Every x days—The access keys will be rotated on a daily basis. The minimum is 1 day and the maximum is 1096 days.
- Every x weeks—The access keys will be rotated on a weekly basis. The minimum is 1 week and the maximum is 156 weeks.
- Every x months—The access keys will be on a monthly basis. The minimum is 1 month and the maximum is 36 months.
- Every x years—The access keys will be rotated on a yearly basis. The minimum is 1 year and the maximum is 3 years.
-
Click Add.