Article Number
000055180
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.3 and higher, including 8.5 and 8.6 (Fall 2021)
Platform: Amazon Web Services
Issue
Existing RSA Authentication Manager customers must open an RSA support case to request access to the Authentication Manager AMI needed for AWS deployment.
Resolution
There are two AWS clouds: Commercial and GovCloud, the latter of which is hosted on US soil and supported by U.S. citizens. RSA has no way to tell which AWS cloud the license applies to unless the customer tells us. RSA will assume Commercial unless told otherwise.
After RSA has shared its AMI with the customer, the customer logs on, opens EC2, and selects an AMI. The customer should change the search filter to Private (from Public) and search for the word Authentication (do not search for AM). This is the same in either commercial AWS or GovCloud; the customer should see the RSA AMI shared from RSA to their license.
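The same Private-plus-"Authentication" filter can be scripted against saved `aws ec2 describe-images` output. This is an added example, not RSA's code; it goes one step beyond the article by optionally checking the sharing account, and the account IDs, image IDs and names are constructed placeholders (the real owner account would have to come from your RSA support case).

```python
import json

# Constructed sample shaped like `aws ec2 describe-images` output.
# All image IDs, names and account IDs below are made up for illustration.
SAMPLE = json.loads("""
{"Images": [
  {"ImageId": "ami-0aaa0000000000001", "Name": "Example Authentication Manager image",
   "Public": false, "OwnerId": "111111111111"},
  {"ImageId": "ami-0bbb0000000000002", "Name": "authentication-server-community",
   "Public": true, "OwnerId": "222222222222"},
  {"ImageId": "ami-0ccc0000000000003", "Name": "AM golden image",
   "Public": false, "OwnerId": "333333333333"},
  {"ImageId": "ami-0ddd0000000000004", "Name": "Internal Authentication proxy",
   "Public": false, "OwnerId": "333333333333"}
]}
""")


def classify_images(images, own_account, expected_owner=None, keyword="authentication"):
    """Return (candidates, rejected) for images whose name contains the keyword.

    candidates: IDs of private images shared into this account.
    rejected:   (ImageId, reason) pairs for name matches that must not be launched.
    """
    candidates, rejected = [], []
    for img in images:
        if keyword not in img.get("Name", "").lower():
            continue  # e.g. a name containing only "AM" never matches
        if img.get("Public", True):  # a missing flag is treated as public
            rejected.append((img["ImageId"], "public image, not a private share"))
        elif img["OwnerId"] == own_account:
            rejected.append((img["ImageId"], "owned by this account, not shared"))
        elif expected_owner and img["OwnerId"] != expected_owner:
            rejected.append((img["ImageId"], "private share from an unexpected account"))
        else:
            candidates.append(img["ImageId"])
    return candidates, rejected


if __name__ == "__main__":
    ok, bad = classify_images(SAMPLE["Images"], own_account="333333333333",
                              expected_owner="111111111111")
    print("launch candidates:", ok)
    for image_id, reason in bad:
        print("rejected:", image_id, "-", reason)
```

Real input can be captured with `aws ec2 describe-images --executable-users self`, which lists images the account has been granted explicit launch permission on.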
In AWS, a Security Group (SG) is basically a set of firewall rules between AWS and its customers. RSA expects your SG to allow access from the customer site to the AWS private VPN cloud for the specific network ports needed to manage and use Authentication Manager hosted on AWS.
https://community.rsa.com/t5/rsa-authentication-manager/rsa-authentication-manager-8-5-amazon-machine-image-ami-getting/ta-p/568633
If no Security Group can be added specifically for RSA Authentication Manager use, then the default Security Group will be used and some things might not work; for example, AM might not even deploy per the instructions in the Getting Started Guide.
Some AWS client installations do not allow shared AMI deployments or instantiations. RSA does not have the means to 'build' or create an Authentication Manager appliance on a customer's AWS account using the customer's AMIs; that is, RSA cannot create an AM appliance out of a customer's SUSE Enterprise Linux AMI by installing our software on top of it. There is no Engineering document on this, and it is not supported, nor is RSA Customer Support even remotely equipped to attempt this. In this situation, uploading the RSA AMI via the customer VPN console also would not work.
Notes