About Amazon credentials
You can create and use Amazon credentials with AWS services that are supported natively by Trust Protection Platform. See Supported integrations with Trust Protection Platform.
You create Amazon credentials in the same way you create other credentials in Trust Protection Platform. But the Amazon Credential offers three options for the source of your Amazon credential: Local, Active Directory Federated Services (ADFS), and EC2 Assigned Role.
-
Local stores your password credentials in Trust Protection Platform.
-
ADFS uses Active Directory credentials to authenticate with AWS using ADFS (SAML 2.0).
-
EC2 Assigned Role (added in Trust Protection Platform version 20.4) is for use with instances of Trust Protection Platform that are running in EC2. You can use this role to acquire temporary access keys for issuing certificates from AWS, provisioning them, and for Onboard Discovery.
NOTE As an added security measure, you must be a master administrator or have been added to AWS EC2 Role Authorized Identities by a master administrator to use the EC2 Assigned Role mode. Without this security control, any user would be able to use this mode without the ability of administrators to verify it. Master administrators can add non-master administrator user accounts, as well as groups in Policy Tree (Platforms tree > Platforms > AWS EC2 Role Authorized Identities tab).
For common questions and answers about Amazon credentials, see FAQ: Amazon Credentials.