Quick reference
This section offers a quick reference to key prerequisites and high-level implementation steps. For basic testing procedures for the integration, see End to end test using AWS CLI.

Pre-implementation

Ensure your environment complies with the following requirements:

- Grant {{ch}} admin privileges.
- Grant AWS admin privileges.
- Configure the {{ch}} dashboard connection with a TLS certificate issued by a publicly trusted certificate authority.

Implementation

Perform the following high-level steps to implement this integration:

1. Create AWS credentials
   - Generate or select a user.
   - Generate access keys.
   - Select access key use case.
   - Download and save the CSV file that contains the access key ID and secret access key credentials.
2. Configure AWS credentials in {{ch}}
   - Add cloud service credential information.
   - Enter name.
   - Select the CSV file that you downloaded in the previous step.
   - Select service type amazonaws.
3. Set up the Amazon XKS service in {{ch}}
   - Deploy the Amazon XKS service.
   - Configure the service setup:
     - Enter service name.
     - Enter service category.
   - Configure access control settings:
     - Select the role that has access to the service by default.
     - For authorized resources, (optional) select [Add additional resources].
   - Configure service info settings:
     - Enter CryptoHub URI.
     - Select the cloud service credential you created.
     - Select the AWS region that you intend to use the Amazon XKS in.
4. Export AWS proxy configuration
   - Select export AWS proxy configuration.
   - Enter a name.
   - Export and download the JSON file.
5. Create an external key store in AWS
   - In AWS Management Console, search for external key stores, and select Key Management Service (KMS).
   - Select external key stores in the menu.
   - Create an external key store.
   - Configure create external key store settings:
     - Enter a custom key store name.
     - For proxy connectivity, select public endpoint and specify the proxy URI endpoint.
     - For proxy configuration, upload the AWS proxy configuration JSON file from {{ch}}.
   - Note the custom key store ID.
6. Create XKS key store in {{ch}}
   - Go to service management for Amazon XKS.
   - Add a new key store.
   - Configure create key store settings:
     - Enter keystore name.
     - Choose if you want the {{ch}} keystore to sync with Amazon.
     - AWS keystore ID: if keystore sync is selected, this option isn't available. If it isn't, paste the custom key store ID from earlier.
7. Create a key in the {{ch}} XKS service
   - Go to service management for Amazon XKS.
   - Create a new key.
   - Configure key creation dialog settings:
     - Sync key with Amazon: setting choice isn't significant.
     - Enter key name.
     - Enter key ID.
     - Select previously created key store.
8. Create a key in the AWS external key store
   - In the AWS Management Console, go to the created external key store.
   - Create a KMS key in this key store.
   - Configure KMS key store settings:
     - Enter external key ID.
     - Check the confirm use of external key store box.
     - Enter a custom alias for the key.
     - (Optional) Define permissions: configure the key administrative and usage permissions as needed.

Post-implementation

After you complete the integration, perform the following tasks to validate it:

1. Install AWS CLI.
2. Test encryption and decryption:
   - Save the bash script .sh file.
   - Make the script executable.
   - Run the script to test the encryption and decryption of the XKS key stored on {{ch}}.
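
A validation script for the post-implementation step, added here as an example; it is not the script that the documentation refers to. It assumes AWS CLI v2 with configured credentials, and the KMS key ID and custom key store ID arguments are placeholders you supply. Besides the encrypt/decrypt round trip, it confirms that the key store is connected and that the key really is backed by an external key store.

```shell
#!/usr/bin/env bash
# Added example: checks an XKS-backed KMS key with the AWS CLI (v2 assumed).
# Usage: ./xks-check.sh <kms-key-id> <custom-key-store-id>   (placeholders)

# Succeeds only if the external key store reports CONNECTED.
xks_store_connected() {
  local state
  state=$(aws kms describe-custom-key-stores --custom-key-store-id "$1" \
    --query 'CustomKeyStores[0].ConnectionState' --output text) || return 1
  [ "$state" = "CONNECTED" ]
}

# Succeeds only if the key's material is held in an external key store,
# so the test cannot silently pass against an ordinary KMS key.
xks_key_is_external() {
  local origin
  origin=$(aws kms describe-key --key-id "$1" \
    --query 'KeyMetadata.Origin' --output text) || return 1
  [ "$origin" = "EXTERNAL_KEY_STORE" ]
}

# Encrypts a random message, decrypts it, and compares the results.
xks_roundtrip() {
  local tmp rc
  rc=0
  tmp=$(mktemp -d) || return 1
  head -c 32 /dev/urandom | base64 > "$tmp/plain"
  aws kms encrypt --key-id "$1" --plaintext "fileb://$tmp/plain" \
    --query CiphertextBlob --output text | base64 -d > "$tmp/cipher" || rc=1
  aws kms decrypt --key-id "$1" --ciphertext-blob "fileb://$tmp/cipher" \
    --query Plaintext --output text | base64 -d > "$tmp/out" || rc=1
  cmp -s "$tmp/plain" "$tmp/out" || rc=1      # decrypt must restore the input
  cmp -s "$tmp/plain" "$tmp/cipher" && rc=1   # ciphertext must not equal input
  rm -rf "$tmp"
  return "$rc"
}

xks_validate() {
  xks_store_connected "$2" || { echo "key store $2 is not CONNECTED" >&2; return 1; }
  xks_key_is_external "$1" || { echo "key $1 is not in an external key store" >&2; return 1; }
  xks_roundtrip "$1" || { echo "encrypt/decrypt round trip failed" >&2; return 1; }
  echo "XKS round trip OK for $1"
}

# Run the checks only when both arguments are supplied.
if [ "$#" -eq 2 ]; then xks_validate "$1" "$2"; fi
```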