Configuring AWS Integration with Luminate Secure Access Cloud
Luminate Secure Access Cloud (TM) can provide Zero Trust Access to resources deployed in Amazon Web Services based on the tags associated with those resources. By applying different tagging strategies, AWS administrators can build multi-dimensional access policies that connect logical Users / Groups / Roles (defined in the corporate Identity Provider) to logical groups of AWS resources (Production Environment vs Development Lab, Project A vs Project B), regardless of the resources' network location.
To use these capabilities, define a new AWS Integration in the Luminate Administration Portal and perform the following configuration steps:
1. Create a new AWS Account Integration
In the Luminate Administration Portal, navigate to Settings -> AWS Settings and click New Integration.
Choose a name that reflects the AWS account you are integrating with; this makes it easier to tell integrations apart when several AWS accounts are connected.
2. Create a new role in your AWS Account
1. Open the AWS Management Console, navigate to IAM -> Roles and choose "Create Role".
2. Choose "Another AWS Account" as the type of trusted entity.
3. Copy the Account ID shown in the New Integration dialog in the Luminate Administration Portal into the Account ID field. This is Luminate's AWS account, the only account that will be allowed to assume the role.
4. Check the "Require external ID" option and copy the External ID from the same dialog in the Luminate Administration Portal. The external ID is added as a condition on the role's trust relationship (sts:ExternalId), so that no third party who merely knows the role ARN can have Luminate assume the role on their behalf (the "confused deputy" problem). Copy both values exactly; a mismatch in either is the most common reason an integration stays offline.
5. Click Next, then choose Create Policy (note that the policy editor opens in a separate browser tab).
3. Create an IAM Policy
1. Switch to the JSON editing view in the Create Policy UI and paste the following policy:
2. Click Review Policy when done.
3. Choose a descriptive name for the policy and click Create Policy.
4. Return to the Create Role tab and click the refresh icon so the new policy appears in the list.
4. Complete the creation of a role
1. Look up the newly created policy in the list after the refresh.
2. Tick the checkbox on the row of the newly created policy and click Review.
3. Choose a name for the role and click Create Role.
4. Open the newly created role and copy its Role ARN into the dialog in the Luminate Administration Portal.
5. Click Save and Continue in the Luminate Administration Portal.
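The role created in steps 2 to 4 above is an ordinary IAM cross-account role, so its trust relationship can be generated and audited outside the console. The example below is added here and is not Luminate's own code; the account ID and external ID in it are constructed placeholders standing in for the values shown in the Luminate Administration Portal dialog. It builds the trust policy that the "Another AWS Account" plus "Require external ID" choices produce, and reviews a trust policy (for instance the AssumeRolePolicyDocument returned by `aws iam get-role`) for the two things that matter for this integration: that only the expected account may assume the role, and that the expected external ID is required.

```python
import json

# Constructed placeholder values; substitute the Account ID and External ID
# shown in the Luminate Administration Portal dialog. Not real identifiers.
TRUSTED_ACCOUNT_ID = "111122223333"
EXTERNAL_ID = "example-external-id-0000"


def build_trust_policy(trusted_account_id: str, external_id: str) -> dict:
    """Trust relationship equivalent to the console choices "Another AWS account"
    plus "Require external ID": only principals in trusted_account_id may call
    sts:AssumeRole, and only when they present the agreed external ID."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {"AWS": f"arn:aws:iam::{trusted_account_id}:root"},
                "Action": "sts:AssumeRole",
                "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
            }
        ],
    }


def _as_list(value):
    """IAM accepts either a scalar or a list for Action, Principal.AWS and condition values."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def trust_policy_findings(policy: dict, trusted_account_id: str, external_id: str) -> list:
    """Review a role trust policy and return human-readable findings.

    An empty list means every statement that grants sts:AssumeRole is scoped to
    trusted_account_id and requires the expected external ID."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        if not any(a in ("sts:AssumeRole", "sts:*", "*") for a in actions):
            continue  # statement does not grant role assumption

        # Principal may be a dict ({"AWS": ...}) or the bare string "*"
        principal = stmt.get("Principal")
        if isinstance(principal, dict):
            aws_principals = _as_list(principal.get("AWS"))
        else:
            aws_principals = _as_list(principal)
        for p in aws_principals:
            if p == "*":
                findings.append(f"statement {idx}: trusts any AWS principal (Principal '*')")
            elif trusted_account_id not in p:
                findings.append(f"statement {idx}: trusts unexpected principal {p}")

        # Without an sts:ExternalId condition, anyone who can make the trusted
        # account call AssumeRole on this ARN gets in (confused deputy).
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        ext_ids = _as_list(cond.get("sts:ExternalId"))
        if not ext_ids:
            findings.append(f"statement {idx}: no sts:ExternalId condition (confused-deputy risk)")
        elif ext_ids != [external_id]:
            findings.append(f"statement {idx}: sts:ExternalId does not match the value from the portal")
    return findings


if __name__ == "__main__":
    policy = build_trust_policy(TRUSTED_ACCOUNT_ID, EXTERNAL_ID)
    print(json.dumps(policy, indent=2))
    print("findings:", trust_policy_findings(policy, TRUSTED_ACCOUNT_ID, EXTERNAL_ID))
```

To check a role that already exists, feed the `AssumeRolePolicyDocument` from `aws iam get-role --role-name <name>` to `trust_policy_findings` together with the Account ID and External ID from the portal; any finding is a reason to edit the trust relationship before saving the integration.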
5. Complete the AWS Integration
1. According to your tagging strategy, choose the tag that uniquely identifies a resource. For EC2 instances, for example, the Name tag typically holds the machine's unique name. This tag can later be used to connect to resources by identifier/name instead of by private IP address, so make sure its value is actually unique within the account: if two instances share the same Name, the name no longer identifies one machine.
2. Choose the regions in which the resources relevant to this integration are hosted. Limiting the integration to the relevant regions lets the UI resolve resource names automatically and efficiently.
When you extend activity in the AWS account to new regions, edit the AWS Integration and check the newly added regions; resources in unchecked regions are not resolved.
3. Click Save and Finish.
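The following example illustrates what the identifier tag and region choices above amount to. It is added here and is not Luminate's own code: it works on a constructed in-memory inventory shaped like the instance entries returned by EC2 DescribeInstances (instance IDs, IPs and tags are made up), resolves a resource by its identifier tag within the configured regions, refuses an ambiguous name rather than guessing, and selects a logical group of resources (env=prod, project=A, and so on) of the kind an access policy would be attached to.

```python
# Constructed sample inventory keyed by region. Each entry mimics an Instance
# object from EC2 DescribeInstances; all values are made up for this example.
SAMPLE_INVENTORY = {
    "us-east-1": [
        {"InstanceId": "i-0aaa", "PrivateIpAddress": "10.0.1.10",
         "Tags": [{"Key": "Name", "Value": "web-01"},
                  {"Key": "env", "Value": "prod"}, {"Key": "project", "Value": "A"}]},
        {"InstanceId": "i-0bbb", "PrivateIpAddress": "10.0.1.11",
         "Tags": [{"Key": "Name", "Value": "db-01"},
                  {"Key": "env", "Value": "prod"}, {"Key": "project", "Value": "B"}]},
    ],
    "eu-west-1": [
        # Same Name as the us-east-1 web server: a non-unique identifier tag
        {"InstanceId": "i-0ccc", "PrivateIpAddress": "10.1.1.10",
         "Tags": [{"Key": "Name", "Value": "web-01"},
                  {"Key": "env", "Value": "dev"}, {"Key": "project", "Value": "A"}]},
        # No Name tag at all; can only be reached by IP or by a group policy
        {"InstanceId": "i-0ddd", "PrivateIpAddress": "10.1.1.12",
         "Tags": [{"Key": "env", "Value": "dev"}]},
    ],
}


def tags_of(instance: dict) -> dict:
    """Flatten the EC2 [{"Key": k, "Value": v}, ...] tag list into a dict."""
    return {t["Key"]: t["Value"] for t in instance.get("Tags", [])}


def resolve_by_identifier_tag(inventory: dict, regions: list, id_tag: str, value: str) -> dict:
    """Find the single instance whose id_tag equals value within the configured regions.

    Regions not in `regions` are never searched (they correspond to unchecked
    regions in the integration). Raises LookupError when nothing matches and
    ValueError when the identifier tag is not unique, instead of picking one."""
    matches = [
        (region, inst)
        for region in regions
        for inst in inventory.get(region, [])
        if tags_of(inst).get(id_tag) == value
    ]
    if not matches:
        raise LookupError(f"no instance with {id_tag}={value!r} in regions {sorted(regions)}")
    if len(matches) > 1:
        where = ", ".join(f"{r}:{i['InstanceId']}" for r, i in matches)
        raise ValueError(f"{id_tag}={value!r} is not unique ({where}); refine the tagging strategy")
    region, inst = matches[0]
    return {"Region": region, "InstanceId": inst["InstanceId"],
            "PrivateIpAddress": inst["PrivateIpAddress"]}


def select_by_tags(inventory: dict, regions: list, required: dict) -> list:
    """Return sorted instance IDs carrying every key/value pair in `required`,
    i.e. the logical resource group (e.g. {"env": "prod", "project": "A"})
    that a user/group/role would be granted access to."""
    return sorted(
        inst["InstanceId"]
        for region in regions
        for inst in inventory.get(region, [])
        if all(tags_of(inst).get(k) == v for k, v in required.items())
    )


if __name__ == "__main__":
    both = ["us-east-1", "eu-west-1"]
    print(resolve_by_identifier_tag(SAMPLE_INVENTORY, both, "Name", "db-01"))
    print(select_by_tags(SAMPLE_INVENTORY, both, {"env": "prod"}))
    try:
        resolve_by_identifier_tag(SAMPLE_INVENTORY, both, "Name", "web-01")
    except ValueError as err:
        print("ambiguous:", err)
```

With a real account the inventory would come from DescribeInstances in each checked region; the behaviour to keep is the refusal on duplicates, since silently resolving a duplicated Name to whichever instance appears first would let an access policy reach the wrong machine.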
6. Validate that the integration is working
After saving, the connection status shown in the Luminate Administration Portal should become "Online". If it remains offline, re-check that the Role ARN was copied correctly and that the role's trust relationship names the Account ID and External ID shown in the integration dialog.