Add a Cloud Keystore to AWS
Before you begin
- You must add a cloud provider first. If you have not done this yet, see the integration guide Configure AWS connection.
- Sign in to Venafi Control Plane.
- Click Installations > Cloud Keystores.
- Click New and select AWS.
- Enter a Name for the new cloud keystore.
- Select an Owning Team. If you need to create a new team, see create a new team.
- Select an Authorized Team.
  Note
  - Owning Team - The Owning Team is responsible for the administration, management, and control of a designated cloud provider, with the authority to update, modify, and delete cloud provider resources.
  - Authorized Team - The Authorized Team is granted permission to use specific resources of a cloud provider. Although team members can perform tasks like creating a keystore, their permissions may be limited regarding broader modifications to the provider's configuration. Unlike the Owning Team, users may not have the authority to update and delete Cloud Providers.
- Select an AWS Cloud Provider.
- Select an ACM Region.
- (Optional) To discover certificates on your keystore as soon as the keystore is created, turn on the "Start discovery immediately" and "Include expired certificates" toggle switches. After creating the keystore, refer to Set up AWS Discovery Schedule to create your schedule.
- Click Save. You should now see your new cloud keystore in the Cloud Keystore list.