Creating an IAM user account for work with Kaspersky Security Center

An IAM user account is required for working with Kaspersky Security Center if the Administration Server has not been assigned an IAM role with permissions for device discovery and installation of applications on instances. The same account, or a different account, is also required for backing up the Administration Server data task if you use an S3 bucket. You can create one IAM user account with all the necessary permissions, or you can create two separate user accounts.

An IAM access key that you will need to provide to Kaspersky Security Center during initial configuration is automatically created for the IAM user. An IAM access key consists of an access key ID and a secret key. For more details about the IAM service, please refer to the following AWS reference pages:

• http://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html.
• http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UseCases.html#UseCase_EC2.

To create an IAM user account with the necessary permissions:

1. Open the AWS Management Console and sign in under your account.
2. In the list of AWS services, select IAM (as shown in the figure below).

   

   List of services in the AWS Management Console

   A window opens containing a list of user names and a menu that lets you work with the tool.

3. Navigate through the areas of the console dealing with user accounts, and add a new user name or names.
4. For the user(s) you add, specify the following AWS properties:
   • Access type: Programmatic Access.
   • Permissions boundary not set.
   • Permissions:
     • ReadOnlyAccess—If you plan to run only cloud segment polling and do not plan to install applications on EC2 instances using AWS API.
     • ReadOnlyAccess and AmazonSSMFullAccess—If you plan to run cloud segment polling and install applications on EC2 instances using AWS API. In this case, you must assign an IAM role with the AmazonEC2RoleforSSM permission to the protected EC2 instances.

     After you add permissions, view them for accuracy. In case of a mistaken selection, go back to the previous screen and make the selection again.

5. After you create the user account, a table appears containing the IAM access key of the new IAM user. The access key ID is displayed in the Access key ID column. The secret key is displayed as asterisks in the Secret access key column. To view the secret key, click Show.

The newly created account is displayed in the list of IAM user accounts that corresponds to your account in AWS.

When deploying Kaspersky Security Center in a cloud segment, you must specify that you are using an IAM user account and provide the access key ID and secret access key to Kaspersky Security Center.

The addresses of web pages cited in this document are correct as of the Kaspersky Security Center release date.

See also: Creating an IAM role for the Administration Server Step 3. Authorization in the cloud environment Scenario: Deployment for cloud environment

Page top