Managing your cloud provider account

You can add and configure the Amazon Web Services cloud provider in the Privileged Access Service system by performing the following steps.

To add a cloud provider

  1. In the Admin Portal, click Resources > Cloud Providers. Click Add Cloud Provider, then enter a Name and Account ID. Click Next.
  2. You can choose to vault your root user account or click Next. Note that the Centrify Browser Extension is required for root account login and password rotation. To vault the root user password, enter the Root user email address and Password. After specifying the root account credentials, you can optionally enable interactive password management, which provides automated guidance for updating and managing the root account password. Under Interactive password rotation, set a value for Enable interactive password rotation. If you select Yes, you can also set the following:
  • Prompt to change root password every login and password checkin: Displays a prompt with an option to interactively rotate the root account password after every root account login attempt or password checkin.
  • Enable password rotation reminders: Displays a banner message with an option to interactively rotate the root account password after the specified minimum number of days since last rotation has expired. Enabling this also allows you to set the minimum number of days since last rotation to trigger a reminder.

Once you have configured the password rotation settings, click Next.

  3. Next, assign permissions to the root user account. Click Add to add a user, group, or role through the wizard. Select the checkboxes for the permissions you wish to assign to the user and click Next.
  4. Finally, optionally configure MFA challenge rules for root account login and password checkout. Click Add Rule to configure challenge conditions and set authentication profiles. Click Add Filter to add a filter. For more information on authentication rules, see Creating authentication rules.
  5. Click Done.

Once you have added a cloud provider, you can perform the following actions on an individual cloud provider: Add to Set, Delete, and, if you vaulted your root account, Login to that cloud provider. Additionally, you can:

  • vault IAM users,
  • manage root accounts,
  • add IAM users,
  • assign permissions,
  • manage activity,
  • assign policy,
  • view policy summary, and
  • add/modify sets of cloud providers.

To learn more about cloud provider capabilities select from the following topics: