Skip to main content

Granting Full Access on your KMS to Starton

info

Granting full access to Starton enables you to dynamically create new wallets with the Starton API.

Creating a new policy before the IAM creation

Before granting access to your KMS, you need to create a Policy to define permissions associated to the IAM we will create.

  1. On AWS, go to the Identity and Access Management (IAM) dashboard.
  2. In Access Management, go to Policies. (img)
  3. Click Create Policy.
  4. Go to JSON.
  5. Copy the following .json and paste it in the tab.
{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Effect": "Allow",
			"Action": "iam:CreateServiceLinkedRole",
			"Resource": "arn:aws:iam::*:role/aws-service-role/*"
		},
		{
			"Effect": "Allow",
			"Action": "kms:*",
			"Resource": "*"
		}
	]
}
  1. Click on Next:Tags.
  2. Click Review.
  3. Enter a Name for the policy.
  4. Click Create policy.

Create a new IAM user for Starton

  1. Access AWS Users.
  2. Click Add users.
  3. Set username to kms.

caution

Setting username to kms is mandatory. Do not enter another username.

  1. In Select AWS access type, check Access key - Programmatic access.
  1. Select Attach existing policies directly.
  2. Select the kms policy name.
  3. Click Next:Tags.

info

Adding tags is optional.

  1. Click Next:Review.
  2. Review the kms user:

info

AWS access type must be set to Programmatic access - with an access key.

  1. Click Create user to get the Access Key Id and Secret Access Key for your KMS.

Importing a Key Management System on Starton

  1. From the Dashboard, click Settings.
  2. In KMS, click + KMS.
  3. Enter your KMS information:
ParameterDescription
KMS nameThe name of your Key Management System on the Dashboard.
Account idThe 12 digit number you can find it in the top-right corner of your AWS Dashboard.
Access key idThe Access Key ID of the new IAM user available after completing this step.
Secret access keyThe Secret access key of the new IAM user available after completing this step.
RegionThe Region on which you want to create the wallet. For example eu-west-3.
  1. Click Create.

You can now dynamically create new wallets from your code or from the interface.

CREATING A WALLET FROM A KMS

  1. To create a wallet from your KMS, go to Wallet.
  2. Click +Wallet and click CONNECT YOUR KMS AND GRAND FULL ACCESS TO STARTON.
  3. From there, you can select the KMS imported.
  4. Click Next.
  • Creating a new policy before the IAM creation
  • Create a new IAM user for Starton
  • Importing a Key Management System on Starton