Kaspersky Security Center 14 Windows
Step 3. Authorization in the cloud environment
AWS
If you selected AWS, either specify that you have an IAM role with the required rights, or provide Kaspersky Security Center with an AWS IAM access key. Cloud segment polling is not possible without an IAM role or an AWS IAM access key.
Specify the following settings for the connection that will be used for further polling of the cloud segment:
- Connection name
Enter a name for the connection. The name cannot contain more than 256 characters. Only Unicode characters are permitted.
This name will also be used as the name for the administration group for the cloud devices.
If you plan to work with more than one cloud environment, you might want to include the name of the environment in the connection name, for example, "Azure Segment", "AWS Segment", or "Google Segment".
- Use AWS IAM role
Select this option if you have already created an IAM role for the Administration Server to use AWS services.
- Use AWS IAM user account
Select this option if you have an IAM user account with the necessary permissions and you can enter a key ID and secret key.
- Access key ID
The IAM access key ID is a sequence of alphanumeric characters. You received the key ID when you created the IAM user account.
The field is available if you selected an AWS IAM access key for authorization instead of an IAM role.
- Secret key
The secret key that you received with the access key ID when you created the IAM user account.
The characters of the secret key are displayed as asterisks. After you begin entering the secret key, the Show button is displayed. Click and hold this button for the necessary amount of time to view the characters you entered.
The field is available if you selected an AWS IAM access key for authorization instead of an IAM role.
This connection is saved in the application settings. The Cloud Environment Configuration Wizard allows you to create only a single AWS IAM access key. Subsequently, you can specify more connections to manage other cloud segments.
If you want to install applications on instances through Kaspersky Security Center, you must make sure that your IAM role (or the IAM user whose account is associated with the key that you are entering) has all the necessary permissions.
Azure
If you selected Azure, specify the following settings for the connection that will be used for further polling of the cloud segment:
- Connection name
Enter a name for the connection. The name cannot contain more than 256 characters. Only Unicode characters are permitted.
This name will also be used as the name for the administration group for the cloud devices.
If you plan to work with more than one cloud environment, you might want to include the name of the environment in the connection name, for example, "Azure Segment", "AWS Segment", or "Google Segment".
- Azure Application ID
You created this application ID on the Azure portal.
You can provide only one Azure Application ID for polling and other purposes. If you want to poll another Azure segment, you must first delete the existing Azure connection.
- Azure Subscription ID
You created the subscription on the Azure portal.
- Azure Application password
You received the password of the Application ID when you created the Application ID.
The characters of the password are displayed as asterisks. After you begin entering the password, the Show button becomes available. Click and hold this button to view the characters you entered.
- Azure storage account name
You created the name of the Azure storage account for working with Kaspersky Security Center.
- Azure storage access key
You received a password (key) when you created the Azure storage account for working with Kaspersky Security Center.
The key is available in section "Overview of the Azure storage account," in subsection "Keys."
This connection is saved in the application settings.
Google Cloud
If you selected Google Cloud, specify the following settings for the connection that will be used for further polling of the cloud segment:
- Connection name
Enter a name for the connection. The name cannot contain more than 256 characters. Only Unicode characters are permitted.
This name will also be used as the name for the administration group for the cloud devices.
If you plan to work with more than one cloud environment, you might want to include the name of the environment in the connection name, for example, "Azure Segment", "AWS Segment", or "Google Segment".
- Client email
Client email is the email address that you used for registering your project at Google Cloud.
- Project ID
Project ID is the ID that you received when you registered your project at Google Cloud.
- Private key
Private key is the sequence of characters that you received as your private key when you registered your project at Google Cloud. You might want to copy and paste this sequence to avoid mistakes.
This connection is saved in the application settings.