Adding a CSP Account for AWS
You must have created a service account in AWS before you can add a CSP account. For more information see Configuring AWS for KeyControl BYOK.
Note: If you set the rotation schedule during CSP account creation, then the access key will be rotated immediately after the account is created. The access key used to set up the CSP account will be deleted.
Procedure
- Log into the KeyControl Vault for Cloud Keys webGUI using an account with Cloud Admin privileges.
- In the top menu bar, click CloudKeys.
- Click the CSP Accounts tab and select Actions > Add CSP Account.
-
On the Details tab of the Add CSP dialog box, enter the account details.
Field Description Name The name you want to use for the CSP Account. Description An optional description of the CSP Account. Admin Group
Select the Admin Group that you want to use for the account.
Type
Select AWS.
AWS Access Key ID
Enter the AWS Access Key ID.
AWS Secret Access Key
Enter the AWS Secret Access Key.
Default Region
Select the region where this CSP Account will be used.
-
Click Continue.
-
On the Schedule tab, determine the rotation schedule for the access keys. This can be one of the following:
- Never—The access keys will never be rotated.
- Every x days—The access keys will be rotated on a daily basis. The minimum is 1 day and the maximum is 1096 days.
- Every x weeks—The access keys will be rotated on a weekly basis. The minimum is 1 week and the maximum is 156 weeks.
- Every x months—The access keys will be on a monthly basis. The minimum is 1 month and the maximum is 36 months.
- Every x years—The access keys will be rotated on a yearly basis. The minimum is 1 year and the maximum is 3 years.
-
Click Add.
