PingAuthorize

Setting up an Amazon S3 deployment package store

Follow these procedures to create and configure an Amazon Simple Storage Service (S3) bucket that you can publish deployment packages to from the Policy Editor for consumption by PingAuthorize Server.

See Using the Deployment Manager for the steps you need to complete for an end-to-end deployment package store configuration in embedded policy decision point (PDP) mode.

Creating an S3 bucket

About this task

To store your deployment packages, create a new S3 bucket in the S3 dashboard of Amazon Web Services (AWS) Management Console.

Steps

  1. In the AWS Management Console, on the S3 dashboard, go to Buckets and click Create bucket.

    Screen capture of the AWS S3 Buckets page, with the

  2. Configure the bucket.

    Learn more in Creating a bucket in the Amazon documentation.

Configuring the IAM user policy

About this task

To manage your deployment package store, configure a new identity and access management (IAM) policy in the IAM dashboard of AWS Management Console.

Steps

  1. In the AWS Management Console, on the IAM dashboard, go to Access Management → Policies and click Create policy.

    Screen capture of the Policies page with the Create policy button in the IAM dashboard of AWS Management Console

  2. In the Policy editor wizard, select the JSON tab and enter these permissions:

    Example:

    {
    "Version": "<policy_creation_date>",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:ListBucket"
            ],
            "Resource": "*"
        }
    ]
}

    You can manage S3 bucket access in multiple ways, including IAM policies, S3 policies, or S3 access control lists (ACLs). We provide a working IAM policy example, but you should be aware of current AWS best practices, industry best practices, and your organization’s conventions when configuring S3 bucket access.

    Replace the asterisk wildcard character to restrict the access scope of the previous policy.

  3. Complete the Create policy wizard according to your organization’s specifications.

  4. On the Review and create confirmation page, review your configurations and click Create policy to create the IAM user policy.

Configuring the IAM user

About this task

To publish to your AWS deployment package store from the Policy Editor, configure a new IAM user to access the S3 bucket in accordance with the policy you created in Configuring the IAM user policy.

Steps

  1. Sign on to the IAM dashboard in AWS Management Console.

  2. Go to Access Management → Users and click Add users.

    Screen capture of the Users page with the Add users button in the IAM dashboard of AWS Management Console

  3. Define a username and choose Programmatic access as the credential type.

  4. Proceed to the Set permissions page. Select Attach existing policies directly and select the policy you created in Configuring the IAM user policy.

    1. Optional: Select Create policy to configure a different user policy.

  5. Complete the Add user wizard according to your organization’s specifications.

    1. Optional: Attach user attribute tags.

  6. On the Review user confirmation page, review your configurations and click Create user to create the IAM user.

  7. Capture both the Access key ID and Secret access key values for use in configuring connections to the Policy Editor and PingAuthorize Server.

    These credential values can’t be recovered at a later time.
    Screen capture of the IAM Add user Success screen with the Access key ID and Secret access key highlighted