An IAM user account is required for working with Kaspersky Security Center if the Administration Server has not been assigned an IAM role with permissions for device discovery and installation of applications on instances. The same account, or a different account, is also required for backing up the Administration Server data task if you use an S3 bucket. You can create one IAM user account with all the necessary permissions, or you can create two separate user accounts.
An IAM access key that you will need to provide to Kaspersky Security Center during initial configuration is automatically created for the IAM user. An IAM access key consists of an access key ID and a secret key. For more details about the IAM service, please refer to the following AWS reference pages:
To create an IAM user account with the necessary permissions:
List of services in AWS Management Console
A window opens containing a list of user names and a menu that lets you work with the tool.
After you add permissions, view them for accuracy. In case of a mistaken selection, go back to the previous screen and make the selection again.
The newly created account is displayed in the list of IAM user accounts that corresponds to your account in AWS.
When deploying Kaspersky Security Center in a cloud segment, you must specify that you are using an IAM user account and provide the access key ID and secret access key to Kaspersky Security Center.
The addresses of web pages cited in this document were correct as of January 2019.