PingOne Privilege

Configuring an AWS gateway

Administrators can configure an AWS gateway in PingOne Privilege after onboarding an AWS EKS account. There are two methods to add a gateway, depending on whether the cross-account role used for onboarding includes EC2 permissions.

Adding a gateway - Admin console method

If the cross-account role used for onboarding an AWS account includes the necessary EC2 permissions, you can configure an AWS gateway with the following steps:

  1. In the PingOne Privilege admin console sidebar, go to Cloud > Gateways.

  2. Click Add New.

  3. On the AWS provider tab, enter the following details:

    • Account

    • Region

    • VPC ID

    • Key Pair

    • Subnet ID

  4. Click Add Gateway.

After a gateway is added, the PingOne Privilege controller automatically discovers which cloud resources can be reached through that gateway.

Adding a gateway - CloudFormation method

If the cross-account role doesn’t include the necessary EC2 permissions, you can configure an AWS gateway with the following steps:

  1. In the PingOne Privilege admin console, go to Cloud > Gateways.

  2. Click Add New.

  3. Click the Docker icon to open the deployment modal.

  4. Select Proxy Token.

  5. Enter a unique Cluster ID to identify the gateway cluster.

  6. Click Generate Token and copy the displayed proxy token.

  7. Launch the CloudFormation template in your AWS account. When prompted during stack creation, paste the copied proxy token.