🔑AWS Key Management Service
Add Key Management Service
To integrate AWS Key Management Service into Regulait, on the Available Integrations page, click on the Key Management Service icon (marked with an arrow below).
In the "Add Integration" window below, we must provide the AWS Access Key and Secret Key.
Before obtaining these keys, we need to ensure that our Security Hub users in the AWS system have Read-Only Permissions.
These permissions are crucial for the Regulait system to gather information from the Integration App.
Regulait only requires Read-Only access, as it retrieves data solely for compliance purposes, without making any changes, deletions, or additions to the Key Management Service system.
The AWS System
In the AWS System, while other Integration Applications have a ready-to-use Permission Policy to attach to a User Group (see other AWS Integration options in this guide), the Key Management requires us to create a new Policy, to give read-only access Permissions to Users.
Start by using the search bar to open the Policies page (circled below).
On the top-right corner, click on the 'Create Policy' button (marked with an arrow below).
Select the KMS (Key Management Service) from the drop-down options menu (marked with an arrow below).
Now select the three Permission marked with arrows below, these are the necessary Permissions to grant Read-Only access to Users.
ListAliases
ListKeys
DescribeKey
After these Permissions have been selected, click on Next to move on to the next page.
after naming the Policy, click once again on the 'Create Policy' button (marked with an arrow below) to complete it.
Back on the AWS Console home page, we'll click on the IAM (Identity and Access Management) button (marked with an arrow below) to access User Groups and Permissions.
If, for some reason, you do not see an IAM button on the main Console page, search for "IAM" in the site's search bar.
Here, on the User Groups tab, we'll create a Group, give that Group the Read-Only Permission for Key Management Service, and any User added to the Group will automatically get these Permissions.
Start by clicking the Create Group button (marked with an arrow below).
Add Permissions to a User Group
On the Create Group page, after naming the Group and adding Users to it, select the Key Management Service (KMS) Read Only Access Permission Policy (marked with an arrow below).
After selecting the right Permission, click on the Create Group button (circled below).
Get the Access and Secret Keys
We've made sure that our Users have the Read-Only permissions for Key Management Service.
Now we'll click on our Admin name to open the drop-down options menu (marked with an arrow below).
On this menu, circled below, select Security Credentials.
Under 'Access Keys', click the 'Create Access Key' button (marked with an arrow below).
Adding the Integration in Regulait's System
Back on Regulait's Add Integration window, fill in a custom Integration name, and the created Keys.
Vendor Management for an Integration
Now select the proper Vendor that provides the Security Hub service.
To learn more about Vendor Management - click here.
If we don't have an appropriate Vendor, we can also create a Vendor here on the Add Integration window, and click on the Create Vendor button (marked with an arrow below).
After filling out all Mandatory fields, click on the Add Integration button (marked with an arrow below).
On the Installed Integration page, we can view our Installed Integrations, in the Image below, we can see one Key Management Service Integration installed.
To learn more about using and managing Integrations, continue to the Using Integrations guide chapter.
To return to the Integrations Guide hub, click here.
To return to the main guide hub, click here.
Last updated