Symantec Privileged Access Management

  • 1.  About changing the password of Cloud Console Account

    Posted Jul 11, 2019 12:20 AM

    Could you let me know.

    My customer wants to change the passwords of the Cloud Consoles below using PAM.
    ・AWS
    ・Azure
    ・Office 365
    ・BOX

    After reading the document, I guessed the following.
    ・We can change the passwords of Azure and Office365 by using ADFS.
    ・We can NOT change the passwords of AWS and BOX.

    Are they all correct?
    If not correct, please let me know how I can change them?

    Thank you in advance.



  • 2.  RE: About changing the password of Cloud Console Account
    Best Answer

    Broadcom Employee
    Posted Jul 12, 2019 08:24 AM
    For AWS see: https://docops.ca.com/ca-privileged-access-manager/3-3/EN/implementing/protect-privileged-account-credentials/identify-target-applications-and-connectors/add-an-aws-access-credentials-target-connector

    For Box, you would need to develop a custom connector that uses the Box APIs: https://docops.ca.com/ca-privileged-access-manager/3-3/EN/implementing/protect-privileged-account-credentials/develop-custom-connectors-for-remote-targets. Unfortunately, I couldn't find any documentation on the Box site about using the APIs or SDKs to change the admin account password (or any passwords for that matter).  You may need to contact Box to see if changing passwords is even possible outside the web UI.



    Hope that helps.


  • 3.  RE: About changing the password of Cloud Console Account

    Posted Jul 16, 2019 01:11 AM
    Hi, Joseph

    Thank you for your advice.

    For Box I would like to suggest to my customer to use ADFS.
    For AWS.
    I saw that document before.
    And then I thought I could not change a password because I set only a Secret Access Key, not a password, when I made the AWS account.
    Is it not correct?

    Thank you and best regards,





  • 4.  RE: About changing the password of Cloud Console Account

    Broadcom Employee
    Posted Jul 16, 2019 10:22 AM
    Fumiko,

    I am pretty sure that it will manage access keys just fine.  In fact, I don't believe it supports passwords?  Per the documentation:

    For the AWS Access Credential Type setting, you have two options. Complete the other fields for the option you select:

    • Access key
    • EC2 Private key
    PAM manages keys for several target application types (such as SSH keys)... it's not just a password manager.

    Joe


  • 5.  RE: About changing the password of Cloud Console Account

    Posted Jul 18, 2019 11:31 PM
    Dear Joe,

    Thank you for your immediate response and I am so sorry for my late reply.

    I agree with you.
    Many of my customers tend to focus on "Password",
    so they often ask me if PAM can change a password of an AWS console account.
    I would like to pass your advice on to them politely.

    Thanks and Best regards,


  • 6.  RE: About changing the password of Cloud Console Account

    Broadcom Employee
    Posted Jul 19, 2019 09:51 AM
    It is very easy to test this.  Log in to the AWS Management console and create a new account on the IAM page.  Download the csv file for the Access Key ID and Secret Access Key.  Use them to create a new AWS Credentials account.  Make sure that you set "Update both", so that the account will be put in sync.  Without doing this you won't be able to rotate the password.  Add this account to the AWS Management Console SSO service on the xceedium.aws.amazon.com device.  You can also use this account on the 3rd Party page, instead of the account you might normally use.  Confirm that you can log in to the AWS Management Console and that PAM is able to refresh AWS devices successfully.  You can now rotate the password, and should still be able to perform both tasks.  I just tested this and it worked for me.

    ------------------------------
    Principal Support Engineer
    Broadcom
    ------------------------------



  • 7.  RE: About changing the password of Cloud Console Account

    Posted Jul 22, 2019 05:13 AM
    Hello Edward

    Thank you for the helpful advice.
    I tried to set it, but it did not work well.
    When I set "Update both", the following message appeared.
    [PAM-CM-3391 = AWS Key Pair can be changed only by random generation.]
    What should I do about that?

    Best Regards,

    Fumiko


  • 8.  RE: About changing the password of Cloud Console Account

    Broadcom Employee
    Posted Jul 22, 2019 11:04 AM
    I created a defect for this some time ago.  I still see the problem on 3.3, so I am following up.

    ------------------------------
    Principal Support Engineer
    Broadcom
    ------------------------------



  • 9.  RE: About changing the password of Cloud Console Account

    Broadcom Employee
    Posted Aug 27, 2019 04:21 PM
    Hi Fumiko,

    After running into this myself, the issue turned out to be permissions attached to the AWS Access Key (error message should say failed to verify target password, but instead is returning PAM-CM-3391). Please review the below AWS Policy. Additional permissions may be needed for the first synchronization.

    https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_iam_credentials_console.html

    Thanks,
    Josh
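
Since the last reply traces PAM-CM-3391 to the permissions attached to the AWS access key, here is an added example (not from the thread or from PAM) that checks an IAM policy document for the access-key actions a rotating client calls on its own user. The action list, the sample policies and the `pam-svc` user ARN are assumptions constructed for illustration; `NotAction` and `Condition` elements are not evaluated.

```python
import fnmatch

# Assumption: IAM actions a key-rotating client typically calls on its own user.
# The thread does not list the exact set PAM needs.
ROTATION_ACTIONS = ["iam:ListAccessKeys", "iam:CreateAccessKey",
                    "iam:UpdateAccessKey", "iam:DeleteAccessKey"]

def _as_list(value):
    # IAM allows Statement, Action and Resource to be a single item or a list.
    return value if isinstance(value, list) else [value]

def _matches(stmt, action, user_arn, username):
    """True if one statement's Action and Resource patterns cover the request."""
    action_hit = any(fnmatch.fnmatchcase(action.lower(), p.lower())
                     for p in _as_list(stmt.get("Action", [])))
    resource_hit = any(
        fnmatch.fnmatchcase(user_arn, r.replace("${aws:username}", username))
        for r in _as_list(stmt.get("Resource", [])))
    return action_hit and resource_hit

def missing_rotation_actions(policy, user_arn):
    """Return the rotation actions the policy does not allow on user_arn."""
    username = user_arn.rsplit("/", 1)[-1]
    statements = _as_list(policy.get("Statement", []))
    missing = []
    for action in ROTATION_ACTIONS:
        hits = [s for s in statements if _matches(s, action, user_arn, username)]
        allowed = any(s.get("Effect") == "Allow" for s in hits)
        denied = any(s.get("Effect") == "Deny" for s in hits)  # explicit Deny wins
        if denied or not allowed:
            missing.append(action)
    return missing

# Constructed sample policies and ARN (placeholder account id).
USER_ARN = "arn:aws:iam::111122223333:user/pam-svc"
READ_ONLY = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": "iam:ListAccessKeys", "Resource": "*"}}
SELF_MANAGE = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": ["iam:*AccessKey*"],
    "Resource": "arn:aws:iam::*:user/${aws:username}"}]}

if __name__ == "__main__":
    print(missing_rotation_actions(READ_ONLY, USER_ARN))
    print(missing_rotation_actions(SELF_MANAGE, USER_ARN))
```

An empty result means the policy covers every listed action for that user; any action returned is a candidate cause to rule out before treating the PAM error as a product defect.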