AWS IAM
UI
In order to create a new AWS-IAM authentication credentials, go to Auth Methods tab, click on new and select AWS-IAM.
CLI
you can also create new AWS-IAM authentication method with cli command:
akeyless create-auth-method-aws-iam
Options
CLI | UI | Description | Example |
|---|---|---|---|
-n, --name | Name | Auth Method name | |
--access-expires[=0] | Expiration Date | Access expiration date in Unix timestamp (select 0 for access without expiry date) | |
--bound-ips | Restricted IPs | A CIDR whitelist of the IPs that the access is restricted to | |
--bound-AWS-account-id | Bounded AWS Account IDs | A list of AWS account-IDs that the access is restricted to (separated by comma) **mandatory field | 123325353,235234523 |
--bound-arn | Bounded ARNs | A list of full ARNs that the access is restricted to (separated by comma) | arn:aws:sts:{account-id}:assumed-role/{role-name}/{resource-id}, arn:aws:iam::{account-id}:user/{user-name} |
--bound-role-name | Bounded Role Names | A list of full role-name that the access is restricted to (separated by comma) | role-name1,role-name2,role-name3 |
--bound-role-id | Bounded Role IDs | A list of full role ids that the access is restricted to (separated by comma) | role-id1,role-id2,role-id3 |
--bound-resource-id | A list of full resource ids that the access is restricted to (separated by comma) | resource-id1,resource-id2,resource-id3 | |
--bound-user-name | Bounded User names | A list of full user-name that the access is restricted to (separated by comma) | user-name1,user-name2 |
--bound-user-id | A list of full user ids that the access is restricted (separated by comma) | user-id1,user-id2,user-id3 |
Least Privileged Permissions
AWS IAM auth - does not require any privileges permissions. Make sure you have an IAM role, without any privileged permissions, and attach it to the resource you want to authenticate. (e.g. EC2 instance)
Updated 1 day ago