Close
logodocs

Configure AWS Cloud

This feature is currently in open beta. Functionality and documentation may change.

To manage access to your AWS Cloud Environment via strongDM, you will need to have an AWS Access Key ID and AWS Secret Access Key prepared. The scope of this key will determine which AWS CLI commands your Users will be able to execute through strongDM, so consider that when generating the key.

Once you have your AWS key, you can set up a Cloud resource in the strongDM Admin UI. Users will also need to have the strongDM GUI and the AWS CLI installed to access the Cloud resource.

Your Gateways/Relays must be running at least version 31.10 to support usage of the AWS CLI to administer your AWS Cloud.

Admin UI setup steps

To set up your AWS Cloud in strongDM, go to Admin UI > Clouds > Add Cloud and click the Add Cloud button.

Note that this is the method by which to set up your AWS Cloud, and manage it with AWS CLI. If you intend to connect to a specific AWS-hosted resource, such as an Athena DB or an EC2 instance, those resources need to be set up separately in the appropriate areas of the Admin UI.

Add AWS Cloud
Add AWS Cloud

The minimum fields that need to be populated for the AWS Cloud Type are:

  • Access Key ID
  • Secret Access Key
  • Healthcheck Region (AWS Region so that the Healthcheck can check whether it is currently up or down).

There is also an optional field you can provide:

  • Assume Role ARN - if you want the User to assume a specific role after connecting

Logging

In the Cloud Logs section of the Admin UI, you can find all of the activities of your Users that accessed the Cloud resource. Note that any secrets displayed in the Cloud Logs are only placeholder values, no actual keys or secrets are ever exposed in plain text in the Admin UI.

User setup steps and usage

In order to access the AWS Cloud resource via strongDM, Users will need to install:

  • The strongDM GUI.
  • The latest version of the strongDM CLI. If the CLI is already installed, you can run sdm update in the CLI to update it. Alternatively, if any updates are available, you can open the GUI and click the "upgrade" button which will appear.
  • The AWS CLI - we support both v1 and v2, but encourage the use of v2.
  • The AWS-CLI configuration file should be set up (or updated) to include a region, as explained in the AWS documentation.

Make sure to exit and restart your GUI before connecting for the first time.

In the GUI, pick the AWS Cloud resource you want to connect to. Note that you can only be connected to one Cloud resource at a time, and selecting a new one will disconnect from the previously selected one.

Now, you may open a terminal and use the AWS CLI through strongDM, using the base syntax of sdm aws cli where you normally would start a command with just aws.

The general syntax is sdm aws cli <commands>. To test that everything is working, try:

sdm aws cli s3 ls
sdm aws cli ec2 describe-instances

Commands will always be the same as they are with the AWS CLI, just with the sdm aws cli prefix instead.

Installation — Previous
strongDM Gateway AMI Installation Guide
Next — Installation
Configure Logging