Aembit uses the AWS IAM Role Credential Provider Integration to enable you to retrieve credentials using the AWS IAM Role you specify.

This page details everything you need to create an AWS IAM Role Credential Provider Integration. This integration requires the use of an AWS IAM Role that has the necessary permissions to access the resources you want to manage with Aembit.

To create an AWS IAM Role integration, follow these steps:

  1. Log in to your Aembit Tenant, and go to Credential Providers -> Integrations in the left sidebar.

  2. (Optional) In the top right corner, select the Resource Set in which you want this Credential Provider Integration to reside.

  3. Click + New, which displays the Integration pop out menu.

  4. Select AWS IAM Role.

  5. Fill out the following fields on the AWS IAM Role form:

    • Display Name - Enter a unique name for this integration.

    • Description - (Optional) Enter a description.

  6. In the Configuration section, enter the following information:

    • AWS IAM Role ARN - Enter the Amazon Resource Name (ARN) of the AWS IAM Role that you want to use for this integration. This role must have the necessary permissions to access the resources you want to manage with Aembit.

    • Lifetime - Specify the lifetime, in seconds, of the temporary AWS credentials that Aembit uses to access AWS resources (default: 3600 seconds).

  7. Click Save.

    Aembit displays the new integration in the list of Credential Provider Integrations.
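
A pre-save check for the two Configuration values above, as an added example that is not Aembit's code. It assumes Aembit obtains the temporary credentials through an STS role assumption, so the 900-second STS minimum and the role's `MaxSessionDuration` bound the Lifetime; the account ID, role name and `check_integration_inputs` are hypothetical.

```python
import re

# Constructed sample of `aws iam get-role` output (account ID and role name are placeholders).
SAMPLE_GET_ROLE = {"Role": {
    "Arn": "arn:aws:iam::111122223333:role/aembit-secrets-reader",
    "MaxSessionDuration": 3600,
}}

# arn:<partition>:iam::<12-digit account>:role/<optional path/><role name>
ROLE_ARN_RE = re.compile(
    r"^arn:aws[a-z-]*:iam::\d{12}:role/(?:[\x21-\x7e]+/)?[\w+=,.@-]{1,64}$", re.ASCII)

# Assumption: the temporary credentials come from an STS role assumption,
# so the STS floor of 900 seconds and the role's MaxSessionDuration apply.
STS_MIN_SECONDS = 900

def check_integration_inputs(role_arn, lifetime, get_role_output):
    """Return a list of problems; an empty list means the two values are consistent."""
    if ":assumed-role/" in role_arn:
        return ["ARN names an STS assumed-role session, not an IAM role"]
    if not ROLE_ARN_RE.match(role_arn):
        return ["value is not an IAM role ARN"]
    problems = []
    role = get_role_output["Role"]
    if role["Arn"] != role_arn:
        problems.append("ARN does not match the role returned by get-role")
    max_session = role.get("MaxSessionDuration", 3600)
    if lifetime < STS_MIN_SECONDS:
        problems.append(f"Lifetime {lifetime}s is below the STS minimum of {STS_MIN_SECONDS}s")
    if lifetime > max_session:
        problems.append(f"Lifetime {lifetime}s exceeds MaxSessionDuration of {max_session}s")
    return problems

if __name__ == "__main__":
    arn = SAMPLE_GET_ROLE["Role"]["Arn"]
    for seconds in (3600, 7200, 600):
        print(seconds, check_integration_inputs(arn, seconds, SAMPLE_GET_ROLE) or "ok")
```

In practice, pass the parsed JSON from `aws iam get-role --role-name <role>` as `get_role_output` instead of the constructed sample.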

Now that you’ve created an AWS Secrets Manager Credential Provider Integration, create an AWS Secrets Manager Value Credential Provider to use with your Server Workloads.