AWS IAM
UI
To create new AWS IAM authentication credentials, go to the Auth Methods tab, click New and select AWS-IAM. You will need an IAM role to associate with this resource. Note the ARN of the IAM role(s) associated with the resource; the ARN is used to restrict access to the Auth Method.

CLI
You can also create a new AWS-IAM Auth Method with the CLI command:
akeyless create-auth-method-aws-iam
Options
CLI | UI | Description | Example |
---|---|---|---|
-n, --name | Name | Auth Method name | |
--access-expires[=0] | Expiration Date | Access expiration date as a Unix timestamp (0 for access without an expiry date) | |
--bound-ips | Restricted IPs | A CIDR whitelist of the IPs that the access is restricted to | |
--bound-AWS-account-id | Bounded AWS Account IDs | A list of AWS account IDs that the access is restricted to (separated by comma). Mandatory field | 123325353,235234523 |
--bound-arn | Bounded ARNs | A list of full IAM role ARNs that the access is restricted to (separated by comma) | arn:aws:sts::{account-id}:assumed-role/{role-name}/{resource-id}, arn:aws:iam::{account-id}:user/{user-name} |
--bound-role-name | Bounded Role Names | A list of full role names that the access is restricted to (separated by comma) | role-name1,role-name2,role-name3 |
--bound-role-id | Bounded Role IDs | A list of full role IDs that the access is restricted to (separated by comma) | role-id1,role-id2,role-id3 |
--bound-resource-id | | A list of full resource IDs that the access is restricted to (separated by comma) | resource-id1,resource-id2,resource-id3 |
--bound-user-name | Bounded User names | A list of full user names that the access is restricted to (separated by comma) | user-name1,user-name2 |
--bound-user-id | | A list of full user IDs that the access is restricted to (separated by comma) | user-id1,user-id2,user-id3 |
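The `--bound-*` options above only make sense once you see how they narrow the set of AWS principals that can authenticate: the account-ID bound admits every principal in the account, and each additional bound (ARN, role name, resource ID, user name) is a further filter. The following is an added illustration of that matching logic, written for this page; it is not Akeyless's own code and does not call the Akeyless CLI or API. It assumes that an empty bound list means "no restriction on that dimension" and that every non-empty bound must match, and it only covers the fields that can be read from a caller ARN (role IDs and user IDs, which are not part of the ARN, are left out). The ARNs and account IDs are constructed sample values.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample caller ARNs in the two shapes the options table lists
# (assumed role via STS, and an IAM user). Account IDs and names are made up.
ASSUMED_ROLE_ARN = "arn:aws:sts::123456789012:assumed-role/app-server-role/i-0abc123def456"
IAM_USER_ARN = "arn:aws:iam::123456789012:user/deploy-bot"
OTHER_ACCOUNT_ARN = "arn:aws:sts::999988887777:assumed-role/app-server-role/i-0ffff"

# arn:partition:service:region:account-id:resource -- STS and IAM ARNs carry
# an empty region field, hence the double colon.
_ARN_RE = re.compile(
    r"^arn:(?P<partition>[^:]+):(?P<service>sts|iam)::(?P<account>\d{12}):(?P<resource>.+)$"
)


@dataclass
class CallerIdentity:
    """The attributes of an AWS principal that the bound-* options can match on."""
    account_id: str
    arn: str
    role_name: Optional[str] = None
    resource_id: Optional[str] = None  # session name of an assumed role
    user_name: Optional[str] = None


@dataclass
class Bounds:
    """Mirror of the CLI restrictions; account_ids is mandatory, the rest optional."""
    account_ids: List[str]
    arns: List[str] = field(default_factory=list)
    role_names: List[str] = field(default_factory=list)
    resource_ids: List[str] = field(default_factory=list)
    user_names: List[str] = field(default_factory=list)


def split_csv(value: str) -> List[str]:
    """Parse a comma-separated CLI value ("a,b,c") into a clean list."""
    return [item.strip() for item in value.split(",") if item.strip()]


def parse_caller_arn(arn: str) -> CallerIdentity:
    """Extract account, role/session or user name from an STS or IAM ARN."""
    m = _ARN_RE.match(arn)
    if not m:
        raise ValueError(f"unsupported ARN: {arn}")
    resource = m.group("resource")
    ident = CallerIdentity(account_id=m.group("account"), arn=arn)
    if resource.startswith("assumed-role/"):
        # assumed-role/<role-name>/<session-name>
        _, role_name, session = resource.split("/", 2)
        ident.role_name, ident.resource_id = role_name, session
    elif resource.startswith("user/"):
        ident.user_name = resource.split("/", 1)[1]
    else:
        raise ValueError(f"unsupported principal type in ARN: {arn}")
    return ident


def is_allowed(ident: CallerIdentity, bounds: Bounds) -> bool:
    """Assumed semantics: account must match; every non-empty bound must match too."""
    if not bounds.account_ids:
        raise ValueError("bound AWS account IDs are mandatory")
    if ident.account_id not in bounds.account_ids:
        return False
    checks = [
        (bounds.arns, ident.arn),
        (bounds.role_names, ident.role_name),
        (bounds.resource_ids, ident.resource_id),
        (bounds.user_names, ident.user_name),
    ]
    # A principal that lacks the attribute (e.g. a user has no role name)
    # fails any bound set on that attribute.
    return all(not allowed or value in allowed for allowed, value in checks)


if __name__ == "__main__":
    account_only = Bounds(account_ids=split_csv("123456789012"))
    role_bound = Bounds(account_ids=split_csv("123456789012"),
                        role_names=split_csv("app-server-role"))
    for arn in (ASSUMED_ROLE_ARN, IAM_USER_ARN, OTHER_ACCOUNT_ARN):
        ident = parse_caller_arn(arn)
        print(f"{arn}\n  account-only bound: {is_allowed(ident, account_only)}"
              f"\n  account + role bound: {is_allowed(ident, role_bound)}")
```

Running it shows why `--bound-AWS-account-id` on its own is a coarse control: both the assumed role and the IAM user in the same account pass, and only adding `--bound-role-name` or `--bound-arn` pins the Auth Method to the workload role you intended.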
Least Privileged Permissions
AWS IAM auth does not require any privileged permissions. Make sure you have an IAM role without any privileged permissions and attach it to the resource you want to authenticate (e.g. an EC2 instance).