Authentication methods for AWS connectors

Use one of the supported authentication methods described below to configure AWS cloud service connectors in DigiCert® Trust Lifecycle Manager.

If using AWS credentials from a default or named AWS profile, see the AWS file locations on DigiCert sensors section for requirements about where to store the config and credentials files.

Supported authentication methods

Select one of the authentication methods below and enter the requested parameters to configure the AWS credentials for the Trust Lifecycle Manager connector.

Important

Make sure the AWS credentials you use are for an AWS account that includes the following AWS managed policies or equivalent permissions, depending on the connector type:

  • AWS CloudFront: CloudFrontFullAccess, AWSCertificateManagerFullAccess, and IAMReadOnlyAccess.

  • AWS ELB (Application/Network): ElasticLoadBalancingFullAccess and AWSCertificateManagerFullAccess.

  • AWS unified (ACM access): See Minimum required permissions for AWS unified connectors.

AWS file locations on DigiCert sensors

For AWS cloud service connectors that use the Default AWS credential provider chain or AWS profile name authentication methods and supply credentials via the AWS config and credentials files, the managing DigiCert sensor expects to find the files in the default directories listed below.

Depending on the sensor type, place your AWS config and credentials files in the specified directory on the sensor system to ensure that your associated Trust Lifecycle Manager connectors can authenticate using the default AWS profile or named AWS profiles.

| DigiCert sensor type | Default directory for AWS config and credentials files |
|---|---|
| Windows | C:\Windows\System32\config\systemprofile\.aws |
| Linux | /root/.aws |
| Docker | ~/.aws/:/root/.aws (Note: Add this path under "volumes" in the docker-compose.yml file.) |
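
A pre-flight check for a Linux sensor host, as an added example that is not DigiCert's own tooling: it confirms that the config and credentials files exist in the directory, that the requested profile is defined in at least one of them, and that neither file is accessible to group or other. The permission check is an added hardening assumption, not a requirement stated on this page, and the function names and the profile name in the usage comment are hypothetical.

```shell
#!/bin/sh
# Pre-flight check for the AWS files a sensor reads (added example).
# check_aws_dir [DIR] [PROFILE]; DIR defaults to /root/.aws (Linux sensor path).

# True if FILE has a line that is exactly the section header [NAME].
has_section() {
    [ -f "$1" ] && grep -Fqx "[$2]" "$1"
}

# Prints one line per finding and returns the number of findings (0 = OK).
check_aws_dir() {
    dir=${1:-/root/.aws}
    profile=${2:-default}
    findings=0

    for name in config credentials; do
        file="$dir/$name"
        if [ ! -f "$file" ]; then
            echo "MISSING  $file"
            findings=$((findings + 1))
        # Characters 5-10 of the mode string are the group and other bits.
        elif [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
            echo "TOO OPEN $file (expected owner-only access, e.g. chmod 600)"
            findings=$((findings + 1))
        fi
    done

    # The credentials file names a profile as [name]; the config file uses
    # [profile name], except for the default profile, which is [default].
    if [ "$profile" = "default" ]; then
        config_header="default"
    else
        config_header="profile $profile"
    fi
    if ! has_section "$dir/credentials" "$profile" &&
       ! has_section "$dir/config" "$config_header"; then
        echo "NO PROFILE '$profile' in $dir/config or $dir/credentials"
        findings=$((findings + 1))
    fi

    return "$findings"
}

# Example call on a Linux sensor host (profile name is a placeholder):
#   check_aws_dir /root/.aws my-profile
```

For a Docker sensor, run the check against the host directory that is mounted to /root/.aws.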