Table of Contents
AWS Connector allows to manage the Amazon AWS IAM (Identity and Access Management)
This connector is specific for integration with the Amazon AWS IAM (Identity and Access Management) through the CLI AWS IAM
If your system is not in the previously list, it's possible to include it easily! For more information to check if your system may be synchronized with this connector you do not hesitate to contact us through our Contact form |
It is needed a AWS IAM user with access and privileges to the required operations.
It cannot detect password changes to be propagated to other systems.
This addon is located in the Connectors section and its name is AWS plugin.
For download and install the addon you could review our generic documentation about this process: Addons installation |
After the installation of the addon, you may create and configure agent instances.
To configure this AWS connector you must select "Amazon WS" in the attribute "Type" of the generic parameters section in the agents page configuration.
For more information about how you may configure the generic parameters of the agent, see the following link: Agents configuration |
Below there are the specific parameters for this agent implementation:
| Parameter | Description |
|---|---|
| Access Key | Access key provided by the AWS IAM account |
Secret Key | Secret key provided by the AWS IAM account |
| AWS Endpoint | AWS endpoint provided by the AWS IAM account |
| Enable debug | Two options: [ Yes / No ]. When it is enabled more log traces are printed in the Synchronization Server log |
This connector could manage Users and Roles.
The following properties are defined for each object type:
Property | Meaning |
|---|---|
| preventDeletion (optional) | Two options: [ True / False ]. If it is "true", it prevents to delete any no longer needed object |
Users
The following attributes can be mapped on User objects
Attribute | Value |
|---|---|
| userName | User name |
| path | User path |
| arn | AWS arn (read only) |
| createDate | Creation date (read only) |
| passwordLastUsed | Passsword last use (read only) |
| userId | Internal user id |
Groups
The following attributes can be mapped on Role (AWS Group) objects:
Attribute | Value |
|---|---|
| groupName | Group name |
| path | Group path |
| arn | AWS arn (read only) |
| createDate | Creation date (read only) |
| groupId | Internal group id |
For more information about how you may configure attribute mapping, see the following link: Soffid Attribute Mapping Reference |
For example:
Pending to be documented.
Pending to be documented.
After the agent configuration you could check in the monitoring page if the service is running in the Synchronization Server, please go to "Start Menu > Monitoring and reporting > System monitoring".
If you are checked "Authorized identity source", an automatic task to load identities from the managed system to Soffid is available, please go to "Start Menu > Processes and Tasks > Manage automatic tasks", and you will something like "Import authoritative data from <AGENT_NAME>".
If your are configured the "Attribute Mapping" tab with some of our objects: "user, account, role, group or grant", an automatic task to synchronize these objects from the managed system to Soffid is available, please go to "Start Menu > Processes and Tasks > Manage automatic tasks", and you will something like "Reconcile all accounts from <AGENT_NAME>".
About the synchronization of the objects, there are two possible options:
For more information about how you may configure attribute mapping, see the following link: Soffid Attribute Mapping Reference