Set up communication between AWS Cloud Key Management and the KMES Series 3

Before the KMES Series 3 can push key material to AWS KMS, you must create credentials in the AWS IAM service and then configure them on the KMES. In AWS IAM, these credentials are Access Keys. On the KMES, the credentials are Cloud Credentials. These credentials enable communication between the KMES Series 3 and AWS KMS.

Create an access key in AWS IAM

Navigate to the Identity and Access Management (IAM) service:https://console.aws.amazon.com/iam/home

On the right toolbar, under Quick Links, go to My Security Credentials.

This page has the following tabs:AWS IAM Credentials,AWS CodeCommit Credentials, and Amazon MCS Credentials. Go to the first tab,AWS IAM Credentials.

Under Access keys for CLI, SDK, and API access, select [ Create access key ].

Create a symmetric access key. After you finish, you get the Access Key ID and Secret Access Key. Either write the values down and populate a CSV with them, or use the on-page option to download and save the CSV in the following format:

None

Access key ID,Secret access key
AccessID,AccessKey

This is the only time you can view your secret key, so write it down or save it now.

Copy or move the CSV file containing the Access Key to the storage medium configured on your KMES Series 3 device.

Create a cloud credential

Perform the following steps to create a cloud credential on the KMES:

Navigate to Identity Management > Cloud Credentials.

Right-click and select Add> Cloud Credential. Use the following information when creating the Cloud Credential:

Option	Recommendation
Name	Choose a descriptive name.
Service	Amazon Web Services.
Access Name	Leave this blank because it auto-populates after import.

Select [ Import ] and then select the CSV file with your key IDs.

Select [ OK ] to save.

⌘I

​Create an access key in AWS IAM

​Create a cloud credential

Create an access key in AWS IAM

Create a cloud credential