Hi Developers
We are currently working on automating the privilege task for creating groups in Active Directory. As part of this process, we are trying to configure the “Credential Provider” in Identity Security Cloud (ISC) to retrieve credentials securely from “AWS Secrets Manager”, using the “IAM Role” authentication option.
Steps Performed:
- We configured “AWS Secrets Manager” to store and manage credentials required for AD group creation.
- In ISC, we set up the “Credential Provider” and selected the “IAM Role” authentication method.
- We attempted to retrieve the secret via “AWS CLI” to validate access and functionality.
- However, we encountered the error “Command not found” when running the AWS CLI command inside the SailPoint Virtual Appliance (VA), indicating that AWS CLI is not installed.
- We attempted to install the AWS CLI on the VA, but it appears that such modifications are restricted, and we are unable to proceed.
Questions/Clarifications:
- Since AWS CLI is not available and cannot be installed on the SailPoint VA, how should we validate or test credential retrieval using the IAM Role?
- When using the “IAM Role” option in ISC, how does the system determine which “IAM Role” to assume for retrieving the secret from AWS Secrets Manager?
- Is there a need to configure an “Identity Provider (IdP)” or additional trust relationships in AWS to allow SailPoint VA to assume the correct IAM Role?
I would really appreciate your help.
Regards
Vatan
