The standards for operating in the Amazon Web Services cloud environment prescribe that a special IAM role be assigned to the Administration Server instance for working with AWS services. An IAM role is an IAM entity that defines the set of permissions for execution of requests to AWS services. The IAM role provides the permissions for cloud segment polling and installation of applications on instances.
After you create an IAM role and assign it to the Administration Server, you will be able to deploy protection of instances by using this role, without providing any additional information to Kaspersky Security Center.
However, it may be advisable to not create an IAM role for the Administration Server in the following cases:
In these cases, instead of creating an IAM role you will need to create an IAM user account, that will be used by Kaspersky Security Center to work with AWS services. Before starting to work with the Administration Server, create an IAM user account with an AWS IAM access key (hereinafter also referred to as IAM access key).
Creation of an IAM role or IAM user account requires the AWS Management Console. To work with the AWS Management Console, you will need a user name and password from an account in AWS.