UI

To create new AWS-IAM authentication credentials, go to the Auth Methods tab, click New, and select AWS-IAM.

CLI

You can also create a new AWS-IAM authentication method with the CLI command:

akeyless create-auth-method-aws-iam

Options

| CLI | UI | Description | Example |
|---|---|---|---|
| -n, --name | Name | Auth Method name | |
| --access-expires[=0] | Expiration Date | Access expiration date in Unix timestamp (select 0 for access without expiry date) | |
| --bound-ips | Restricted IPs | A CIDR whitelist of the IPs that the access is restricted to | |
| --bound-AWS-account-id | Bounded AWS Account IDs | A list of AWS account IDs that the access is restricted to (separated by comma). Mandatory field. | 123325353,235234523 |
| --bound-arn | Bounded ARNs | A list of full ARNs that the access is restricted to (separated by comma) | arn:aws:sts:{account-id}:assumed-role/{role-name}/{resource-id}, arn:aws:iam::{account-id}:user/{user-name} |
| --bound-role-name | Bounded Role Names | A list of full role names that the access is restricted to (separated by comma) | role-name1,role-name2,role-name3 |
| --bound-role-id | Bounded Role IDs | A list of full role IDs that the access is restricted to (separated by comma) | role-id1,role-id2,role-id3 |
| --bound-resource-id | | A list of full resource IDs that the access is restricted to (separated by comma) | resource-id1,resource-id2,resource-id3 |
| --bound-user-name | Bounded User names | A list of full user names that the access is restricted to (separated by comma) | user-name1,user-name2 |
| --bound-user-id | | A list of full user IDs that the access is restricted to (separated by comma) | user-id1,user-id2,user-id3 |
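
The following is an added example, not Akeyless code: a shell helper that assembles a create-auth-method-aws-iam command line from the options above and refuses loose bindings. The function name, the auth method name, the account ID, the role name, the CIDR and the "role name required" and "no /0 CIDR" rules are assumptions of this example; only the flags come from this page.

```shell
#!/bin/sh
# Added example: build (not run) an akeyless create-auth-method-aws-iam
# command, rejecting bindings that are missing or too broad.
# All sample values are constructed placeholders.

# Usage: build_aws_iam_auth_cmd NAME ACCOUNT_IDS ROLE_NAMES [CIDR]
build_aws_iam_auth_cmd() {
    name=$1; accounts=$2; roles=$3; cidr=${4:-}

    [ -n "$name" ] || { echo "error: --name is required" >&2; return 2; }

    # --bound-AWS-account-id is the mandatory field in the options table.
    [ -n "$accounts" ] || { echo "error: --bound-AWS-account-id is mandatory" >&2; return 2; }

    # Each comma-separated entry must be a 12-digit AWS account ID.
    old_ifs=$IFS; IFS=,
    for id in $accounts; do
        case $id in
            ''|*[!0-9]*) IFS=$old_ifs; echo "error: bad account id '$id'" >&2; return 3 ;;
        esac
        [ ${#id} -eq 12 ] || { IFS=$old_ifs; echo "error: bad account id '$id'" >&2; return 3; }
    done
    IFS=$old_ifs

    # Policy of this example: binding to a whole account is too broad,
    # so a role name binding is required as well.
    [ -n "$roles" ] || { echo "error: add --bound-role-name to narrow access" >&2; return 4; }

    # Policy of this example: a /0 CIDR restricts nothing, so reject it.
    case $cidr in
        */0) echo "error: --bound-ips '$cidr' matches every address" >&2; return 5 ;;
    esac

    cmd="akeyless create-auth-method-aws-iam --name $name"
    cmd="$cmd --bound-AWS-account-id $accounts --bound-role-name $roles"
    if [ -n "$cidr" ]; then
        cmd="$cmd --bound-ips $cidr"
    fi
    printf '%s\n' "$cmd"
}

# Print the command for review before running it by hand.
build_aws_iam_auth_cmd ci-runner 123456789012 role-name1 10.0.0.0/16
```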

Least Privileged Permissions

AWS IAM auth does not require any privileged permissions. Make sure you have an IAM role without any privileged permissions, and attach it to the resource you want to authenticate (e.g., an EC2 instance).

