Set up communication between AWS Cloud Key Management and the KMES Series 3
Before the KMES Series 3 can push key material to AWS KMS, you must create credentials in the AWS IAM service and then configure them on the KMES. In AWS IAM, these credentials are Access Keys. On the KMES, the credentials are Cloud Credentials. These credentials enable communication between the KMES Series 3 and AWS KMS.
Log in to the AWS Management Console.
Navigate to the Identity and Access Management (IAM) service:
On the right toolbar, under Quick Links, go to My Security Credentials.
This page has the following tabs: AWS IAM Credentials, AWS CodeCommit Credentials, and Amazon MCS Credentials. Go to the first tab, AWS IAM Credentials.
Under Access keys for CLI, SDK, and API access select [ Create access key ].
Create a symmetric access key. After you finish, you get the Access Key ID and Secret Access Key. Either write the values down and populate a CSV with them, or use the on-page option to download and save the CSV. It comes in the following format:
This is the only time you can view your secret key, so write it down or save it now.
Copy or move the CSV file containing the Access Key to the storage medium configured on your KMES Series 3 device.
Log in to the KMES Series 3 application interface by using the default admin identities.
Navigate to Identity Management > Cloud Credentials.
Right-click and select Add > Cloud Credential. Use the following information when creating the Cloud Credential:
Option         Recommendation
Name           Choose a descriptive name.
Service        Amazon Web Services.
Access Name    Leave this blank because it auto-populates after import.
Select [ Import ] and then select the CSV file with your Key IDs.
Select [ OK ] to save.