# AWS

### Secrets Management

StrongDM integrates with the AWS Secrets Manager to allow your nodes to proxy access to resources using secrets that are added and maintained in your cloud-native secrets manager.

{% content-ref url="../../access/secret-stores/aws-secrets-manager" %}
[aws-secrets-manager](https://docs.strongdm.com/admin/access/secret-stores/aws-secrets-manager)
{% endcontent-ref %}

### Node Management

When configuring gateways or relays to proxy client traffic to resources, the EC2 Nodes guide can be of use for setup.

{% content-ref url="../../networking/gateways-and-relays/ec2-nodes" %}
[ec2-nodes](https://docs.strongdm.com/admin/networking/gateways-and-relays/ec2-nodes)
{% endcontent-ref %}

### Resources

Additionally, StrongDM offers proxied access to cloud resources using the following resource types.

#### Cloud Resources

* **AWS (Instance Profile)** - Proxy access to manage your Amazon Cloud via the aws command line tool, using EC2 instances for your nodes and Instance Profile access to authenticate the nodes to the cloud. See the [AWS (Instance Profile) guide](https://docs.strongdm.com/admin/resources/clouds/aws-instance-profile) for more details.
* **AWS Cloud** - Proxy access to manage your Amazon cloud via the aws command line tool, using Secret Access Keys to authenticate your nodes to the cloud. See the [AWS Cloud guide](https://docs.strongdm.com/admin/resources/clouds/aws) for more details.
* **AWS Management Console** - Proxy access to manage your Amazon Cloud for service accounts via the aws command line tool, using environment-loaded credentials on your nodes or Secret Access Keys to authenticate your nodes to the cloud. See the [AWS Management Console guide](https://docs.strongdm.com/admin/resources/clouds/aws-console) for more details.

#### Cluster Resources

When setting up Kubernetes, it's advisable to use a Helm chart and the Kubernetes (Pod Identity) resource type. If you're manually setting up a Kubernetes resource in the cloud, you can also use the AWS-specific EKS and EKS (Instance Profile) resource types. See the following for more information:

* [Deploy Kubernetes via Helm chart](https://github.com/strongdm/charts/blob/main/deployments/sdm-relay/README.md)
* [Kubernetes (Pod Identity) resource guide](https://docs.strongdm.com/admin/resources/clusters/kubernetes-podidentity)
* [EKS resource guide](https://docs.strongdm.com/admin/resources/clusters/eks)
* [EKS (Instance Profile) resource guide](https://docs.strongdm.com/admin/resources/clusters/eks-instance-profile)

#### Server Resources

Any of StrongDM's SSH resource types (listed on the [servers](https://docs.strongdm.com/admin/resources/servers "mention") page) can be used to set up AWS server instances as resources in StrongDM.

#### Datasource Resources

Several of StrongDM's datasource resource types can be used to set up resources within AWS, but there are also several bespoke AWS resource types. See the guides for any of those resource types for more details:

* [amazon-es-iam](https://docs.strongdm.com/admin/resources/datasources/amazon-es-iam "mention")
* [amazon-es](https://docs.strongdm.com/admin/resources/datasources/amazon-es "mention")
* [amazon-neptune](https://docs.strongdm.com/admin/resources/datasources/amazon-neptune "mention")
* [amazon-mq-amqp](https://docs.strongdm.com/admin/resources/datasources/amazon-mq-amqp "mention")
* [amazon-mq](https://docs.strongdm.com/admin/resources/datasources/amazon-mq "mention")

### User Management

StrongDM provides a generic SAML integration and the StrongDM SCIM API specification that can be used to integrate with the AWS Identity Center.

{% content-ref url="../../principals/sso/saml" %}
[saml](https://docs.strongdm.com/admin/principals/sso/saml)
{% endcontent-ref %}

{% content-ref url="<https://app.gitbook.com/s/4XOJmXFslCMVCzIG2rKp/scim>" %}
[StrongDM SCIM API Specification](https://app.gitbook.com/s/4XOJmXFslCMVCzIG2rKp/scim)
{% endcontent-ref %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.strongdm.com/admin/deployment/integrations/aws.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.