AWS Target

You can define an AWS target to be used with an AWS dynamic secrets or an AWS rotated secrets.

Create an AWS Target from the CLI

To create an AWS target from the CLI, run the following command:

akeyless create-aws-target \
--name <target name> \
--access-key-id <AWS Access ID> \
--access-key <AWS Access Key> \
--region <AWS region>

Where:

  • name: A unique name of the target. The name can include the path to the virtual folder where you want to create the new target, using slash / separators. If the folder does not exist, it will be created together with the target.

  • access-key-id: The access key ID assigned to an admin user that will be used to authenticate Akeyless with AWS.

  • access-key: The Access Key of the admin user.

  • region: The AWS region.

You can find the complete list of parameters for this command in the CLI Reference - Akeyless Targets section.

Create an AWS Target in the Akeyless Console

  1. Log in to the Akeyless Console, and go to Targets > New > Cloud Targets > AWS.

  2. Define a Name of the target, and specify the Location as a path to the virtual folder where you want to create the new target, using slash / separators. If the folder does not exist, it will be created together with the target.

  3. Choose your preferred authentication mode by selecting one of the options:

    • Check the Use Credentials radio button to authenticate with the AWS admin user credentials.

    • Check the Use Gateway's Cloud Identity option to authenticate with local Gateway's Cloud IAM.

๐Ÿ“˜

Note

Use Gateway's Cloud Identity relevant for cases where your Gateway uses an AWS IAM to authenticate against Akeyless. Make sure the relevant IAM Role have enough permissions to perform the required actions.

For example, when you set up a Dynamic Secret for AWS, the target can be used for the temporary service account creation.

  1. Define the remaining parameters as follows:
  • Access Key ID: If you selected the Use Credentials option in the previous step, specify the Access ID assigned to the admin user you created to authenticate Akeyless with AWS.

  • Secret Access Key: Specify the Access Key assigned to the admin user you created to authenticate Akeyless with AWS.

  • Region: Enter the AWS region that the temporary credentials are permitted to access.

  • Session Token: Token is required only for temporary security credentials retrieved via STS. Otherwise, it can be left empty.

  • Protection key: To enable Zero-Knowledge, select a key with a Customer Fragment. For more information about Zero-Knowledge, see Implement Zero Knowledge.

  1. Click Save.

Did this page help you?