Roman_Kats
Employee

Are you saying that the CME config for AWS copied during database sync "won't work" if the AWS controller credentials are IAM based? (I assume, deployed as part of Cloud Formation).

Answer:
The IAM role is designed so that applications can securely make API requests from your instances, without requiring you to manage the security credentials that the applications use. But the instance can be AWS only.
When CME runs on a secondary management in Azure, it can't use the IAM role to authorize and make API requests to the AWS account (as IAM is an AWS identity).
Therefore, access and secret keys should be used.

As for the error that you get for the secondary management in AWS, it doesn't have an IAM role attached to it:
Time difference is 0:00:00.997256
ERROR: Controller gwlb-controller failed
ERROR details: no role in meta-data

For more information about AWS authentication methods, refer to:
sk130372 > 3. Creating an AWS IAM User and IAM Role section.

For configuring the AWS controller in CME to use access and secret keys, refer to the CME admin guide:
https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CP_CME/Content/Topics-CME/CME_Structure_... 

Example of configuring a CME AWS controller with access and secret keys via the autoprov_cfg command line utility:
autoprov_cfg add controller AWS -cn <NAME> -r eu-west-1,eu-central-1 -ak <ACCESS-KEY> -sk <SECRET-KEY>

Thanks,
Roman

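A way to check, on the management server itself, for the condition behind the "no role in meta-data" error in the answer above. This is an added example, not part of the original post and not Check Point code. It assumes the standard EC2 instance metadata address and a curl binary on the host; the function names are hypothetical.

```shell
#!/bin/sh
# Added diagnostic sketch; function names are hypothetical, not part of CME.
IMDS="${IMDS:-http://169.254.169.254}"   # EC2 instance metadata service
ROLE_PATH="/latest/meta-data/iam/security-credentials/"
CURL="${CURL:-curl}"                     # override if the host names it differently

# Map the HTTP status and body of a ROLE_PATH lookup to the credential type
# a controller running on this host can use.
classify_role_lookup() {
    status="$1"; body="$2"
    case "$status" in
        200)
            if [ -n "$body" ]; then
                # The body lists the name of the attached role.
                echo "iam-role: $(printf '%s\n' "$body" | head -n 1)"
            else
                echo "access-keys: no role in meta-data"
            fi ;;
        404) echo "access-keys: no role in meta-data" ;;
        000) echo "access-keys: metadata service unreachable" ;;
        401|403) echo "check-imds: metadata request rejected" ;;
        *)   echo "unknown: HTTP $status" ;;
    esac
}

# Query the local metadata service and classify the answer.
probe_instance_role() {
    # IMDSv2 session token; left empty when the request fails.
    token=$("$CURL" -sf -m 2 -X PUT "$IMDS/latest/api/token" \
        -H "X-aws-ec2-metadata-token-ttl-seconds: 60") || token=""
    # -w appends the status code as the last line so it can be split off.
    resp=$("$CURL" -s -m 2 -w '\n%{http_code}' \
        -H "X-aws-ec2-metadata-token: $token" "$IMDS$ROLE_PATH") || true
    status=$(printf '%s\n' "$resp" | tail -n 1)
    body=$(printf '%s\n' "$resp" | sed '$d')
    classify_role_lookup "$status" "$body"
}

# Only touch the network when asked to.
if [ "${1:-}" = "--probe" ]; then
    probe_instance_role
fi
```

Run it with `--probe` on each management server: an `iam-role:` result means an IAM-based controller can work there, while an `access-keys:` result means the controller on that server needs the `-ak`/`-sk` form shown in the answer.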