AWS Key Management Service
Last updated
To incorporate the AWS Key Management Service into the Complico system, navigate to the Available Integrations page and select the Key Management Service icon, as indicated by the arrow below.
In the "Add Integration" window depicted below, enter the AWS Access Key and Secret Key.
Prior to acquiring these keys, it is imperative to verify that our Security Hub users within the AWS system possess Read-Only Permissions.
These permissions play a vital role in enabling the Complico system to collect information from the Integration App.
Complico requires only Read-Only access and uses the retrieved data solely for compliance purposes; it does not make any alterations, deletions, or additions to the Key Management Service system.
Initiate this process by utilizing the search bar to access the Policies page, circled below.
Navigate to the top-right corner and select the 'Create Policy' button, as indicated by the arrow below.
Choose KMS (Key Management Service) from the drop-down options menu, as denoted by the arrow below.
Now, opt for the three permissions indicated by the arrows below.
These permissions are essential for providing Read-Only access to users.
ListAliases
ListKeys
DescribeKey
Once these permissions have been selected, proceed by clicking on "Next" to advance to the next page.
After assigning a name to the policy, click once again on the 'Create Policy' button, as indicated by the arrow below, to finalize and create the policy.
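The policy built in the steps above can also be written as a JSON policy document and checked for least privilege. The following is an added example, not Complico or AWS code: it builds a document with the three selected actions and audits any policy document for actions beyond them. The names build_policy, audit and TOO_BROAD are hypothetical, and the sample policy is constructed.

```python
import re

# The three actions the page selects; IAM action names are case-insensitive.
REQUIRED = {"kms:listaliases", "kms:listkeys", "kms:describekey"}

def build_policy():
    """JSON policy equivalent to the policy editor steps above."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["kms:ListAliases", "kms:ListKeys", "kms:DescribeKey"],
            "Resource": "*",  # ListKeys and ListAliases cannot be scoped to one key
        }],
    }

def _as_list(value):
    # IAM accepts a single string/object or a list in these positions.
    return value if isinstance(value, list) else [value]

def _matches(pattern, action):
    # IAM wildcards: '*' is any run of characters, '?' is exactly one character.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, action) is not None

def audit(policy):
    """Return (excess, missing) for the Allow statements of a policy document.

    excess:  action patterns that grant anything beyond the three actions
    missing: required actions that no Action pattern grants (Deny not evaluated)
    """
    patterns, excess = [], set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            excess.add("NotAction")  # allows everything except the listed actions
            continue
        patterns += [a.lower() for a in _as_list(stmt.get("Action", []))]
    # Only exact matches pass: any wildcard or unlisted action is excess.
    excess |= {p for p in patterns if p not in REQUIRED}
    missing = {r for r in REQUIRED if not any(_matches(p, r) for p in patterns)}
    return sorted(excess), sorted(missing)

# Constructed sample: a policy broader than the one this page asks for.
TOO_BROAD = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": ["kms:List*", "kms:Decrypt"], "Resource": "*"}}
```

Run audit over every policy attached to the user whose access key is entered in Complico, because an access key carries the permissions of the user it belongs to.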
On the AWS Console home page, proceed by clicking on the IAM (Identity and Access Management) button, as marked by the arrow below, to access User Groups and Permissions.
In case the IAM button is not visible on the main Console page, use the site's search bar and enter "IAM" to locate it.
In the User Groups tab, initiate the process by clicking on the "Create Group" button, as indicated by the arrow below.
Subsequently, provide the created group with Read-Only Permission for the Key Management Service, ensuring that any user added to the group automatically inherits these permissions.
On the Create Group page, after assigning a name to the group and adding users to it, choose the Key Management Service (KMS) Read Only Access Permission Policy, as highlighted by the arrow below.
Following the selection of the appropriate permission, click on the "Create Group" button, circled below.
Having ensured that our users possess the Read-Only permissions for the Key Management Service, proceed by clicking on the Admin name to reveal the drop-down options menu, as indicated by the arrow below.
From this menu, highlighted in the circle below, choose "Security Credentials."
Within the 'Access Keys' section, select the 'Create Access Key' button, as denoted by the arrow below.
Return to Complico's 'Add Integration' window and input a custom integration name along with the keys you have created.
Now, choose the appropriate Vendor that offers the Security Hub service.
If there isn't a suitable Vendor available, you can also create a Vendor directly in the 'Add Integration' window.
Click on the 'Create Vendor' button, as indicated by the arrow below.
Once all mandatory fields are completed, proceed by clicking on the 'Add Integration' button, as indicated by the arrow below.
On the Installed Integration page, you can review the integrations that have been installed.
In the image below, you can observe an example of the Key Management Service Integration that has already been installed.
Unlike other AWS Integration Applications, which provide pre-configured Permission Policies that can be attached to a User Group (as in the other AWS Integration options), the Key Management Service requires creating a new Policy to grant Read-Only access Permissions to Users.
To return to the