AWS
Installing P0 IAM management on AWS takes about 10 minutes.
Choose at least one account on which to install P0.
Make sure you have the ability to create roles, add trust relationships, and create and assign role policies. You can do this if you have the IAMFullAccess policy attached to your user.
Navigate to "Integrations" on , then select "AWS". Choose the "IAM management" component:
Click the "Add account" button to begin the installation.
Enter an AWS numeric account ID, then click "Next".
The next page will display commands you can run using the AWS CLI to provision P0. You can also run these commands using AWS Cloud Shell.
Copy and run these commands or use the Terraform configuration to deploy the changes. Click "Next" to verify the installation. If verification is successful you will be taken to the integration configuration page.
On the configuration page, you define how users are provisioned in AWS:
If users are defined in the account's IAM service, choose "IAs AWS IAM users".
If the users' names equal their email addresses, choose "User name is user email".
If users are defined in the account's IAM service, but their user names do not equal their email, you'll need to add a tag to each user you want to allow access via P0. For example, with a tag named "Email":
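One way to prepare those tags, as an added example that is not part of P0's documentation or tooling: the script checks a constructed mapping of IAM user names to email addresses and prints the `aws iam tag-user` commands so they can be reviewed before anyone runs them. The mapping, the helper name `plan_email_tags` and the rejection rules are assumptions; the tag name "Email" is the page's example.

```shell
#!/bin/sh
# Added example (not P0 tooling): plan the "Email" tags before applying them.
TAG_KEY="Email"   # tag name taken from the page's example

# Constructed sample mapping: "<iam-user-name> <email>" per line.
SAMPLE_MAPPING='alice alice@example.com
bob.svc bob@example.com
carol carol-at-example.com
alice alice.other@example.com'

# Allow-lists: IAM user name characters (comma left out on purpose) and a
# conservative email shape. Anything else is rejected, not "fixed up".
USER_RE='^[A-Za-z0-9+=.@_-]+$'
EMAIL_RE='^[A-Za-z0-9._+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$'

# Prints one `aws iam tag-user` command per accepted line on stdout and the
# reason for each rejected line on stderr. Returns 1 if anything was rejected.
plan_email_tags() {
  rc=0
  seen=" "
  while read -r user email extra; do
    [ -z "$user" ] && continue
    if [ -n "$extra" ] || ! printf '%s\n' "$user" | grep -Eq -- "$USER_RE"; then
      echo "reject: malformed line for '$user'" >&2; rc=1; continue
    fi
    if ! printf '%s\n' "$email" | grep -Eq -- "$EMAIL_RE"; then
      echo "reject: '$email' is not an email address (user $user)" >&2; rc=1; continue
    fi
    # The same user listed twice would leave the identity mapping ambiguous.
    case "$seen" in *" $user "*)
      echo "reject: $user listed twice" >&2; rc=1; continue ;;
    esac
    seen="$seen$user "
    # Both values passed the allow-lists, so they hold no shell metacharacters.
    printf 'aws iam tag-user --user-name %s --tags Key=%s,Value=%s\n' \
      "$user" "$TAG_KEY" "$email"
  done <<EOF
$1
EOF
  return "$rc"
}

plan_email_tags "$SAMPLE_MAPPING" || echo "fix the rejected lines, then re-run" >&2
```

The tag is what ties an IAM user to a person's email address, so review the printed commands against your directory before running them.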
Installing P0 resource inventory on AWS takes about 10 minutes.
Click "Add account".
Choose one of the AWS accounts already installed for IAM management:
Run the AWS CLI commands to configure Resource Explorer.
Click "Next" to validate your setup. You will land on the resource inventory configuration page. Clicking "Next" again takes you back to the Resource inventory overview page.
And that's it. You're all set to start granting just-in-time, least-privileged access to AWS with P0.
An installed is required. Your AWS Account Federation Okta app must be in the same Okta organization as the one installed as the directory integration.
Enables the flag. This allows users to assume AWS roles assigned by P0 directly to their Okta user.
The resource inventory component extends the IAM management integration and allows requesting access in AWS.
Navigate to "Integrations" on , then select "AWS". Choose the "Resource inventory" component: