Use one of the supported authentication methods described below to configure AWS cloud service connectors in DigiCert® Trust Lifecycle Manager.
If using AWS credentials from a default or named AWS profile, see the AWS file locations on DigiCert sensors section for requirements about where to store the config and credentials files.
Select one of the below authentication methods and then enter the requested parameters to configure the AWS credentials for the Trust Lifecycle Manager connector.
Important
Make sure the AWS credentials you use are for an AWS account that includes the following AWS managed policies or equivalent permissions, depending on the connector type:
AWS CloudFront:
CloudFrontFullAccess,AWSCertificateManagerFullAccess, andIAMReadOnlyAccess.AWS ELB (Application/Network):
ElasticLoadBalancingFullAccessandAWSCertificateManagerFullAccess.AWS unified (ACM access): See Minimum required permissions for AWS unified connectors.
For AWS cloud service connectors that use the Default AWS credential provider chain or AWS profile name authentication methods and supply credentials via the AWS config and credentials files, the managing DigiCert sensor expects to find the files in the default directories listed below.
Depending on the sensor type, place your AWS config and credentials files in the specified directory on the sensor system to ensure that your associated Trust Lifecycle Manager connectors can authenticate using the default AWS profile or named AWS profiles.
DigiCert sensor type | Default directory for AWS config and credentials files |
|---|---|
Windows | C:\Windows\System32\config\systemprofile\.aws |
Linux | /root/.aws |
Docker | ~/.aws/:/root/.aws (Note: Add this path under "volumes" in the docker-compose.yml file.) |