Introducing Cloud Access Manager - Authentication for Cloud Storage

October 13, 2020 · by Michele Tomac

Akamai Cloud Access Manager (CAM) is a new feature that will now be included as part of our delivery service. The CAM feature will help anyone who uses cloud origins manage access keys simply and securely.

CAM captures AWS and Google Cloud Platform (GCP) authentication keys and access IDs in a secure service for use in your Akamai Property Manager configs.  The keys and access IDs are securely stored in Akamai’s Key Management Infrastructure service and the actual keys and access IDs are obscured in the Property Manager config.  

Background

Many companies are moving to a cloud infrastructure such as AWS, Google Cloud, or Azure for their origin infrastructure.  Each of these cloud platforms has different methods, objects and procedures to securely authenticate with their cloud infrastructure.  Often this requires highly sensitive access IDs, keys, and secrets that need to be used as part of origin authentication.  

These keys need to be provided to Akamai and stored in Akamai property configurations so that Akamai edge servers can make secure connections to customer origins.  Customers want to control who has access to these keys and how many places they are stored, and they want confirmation that the key values cannot be viewed as clear text and that they are securely stored in a key management service.  Akamai Cloud Access Manager (CAM) provides the level of security and access control that customers require.

What is Cloud Access Manager and how does it work?

Access keys today are entered directly into each delivery configuration as part of the origin characteristics behavior in Akamai Property Manager.  With CAM, these keys will be centrally stored, providing a single secure place to manage your cloud authentication in Akamai.

Cloud Access Manager (CAM) is a new service in the Akamai Control Center that allows customers to manage access keys for Cloud Origins independent of an Akamai property. 

By enabling Cloud Access Manager, you can:

  • Manage keys and create, rotate, delete, and manage permissions on keys from a single control point
  • Connect the correct keys from CAM to the origin characteristics behavior in Property Manager using a key name rather than the actual key values
  • Get support for AWS and Google Cloud Storage (GCP) (Azure is being considered as part of our future plans)

How do you enable Cloud Access Manager? 

Our Cloud Access Manager Beta is available to customers.  If you're interested in participating in the beta, sign up for the Ion or DSA beta channel on Akamai Marketplace.

Benefits 

  • Manage your keys in a centralized environment

  • Control who has access to authentication keys by role, contract, and group

  • Obscure keys, access IDs, and secrets in Akamai Property Manager

  • Securely store keys in a separate Key Management Infrastructure

  • Simplify Authentication for AWS & GCP

Akamai is dedicated to streamlining and securing the intersection of the Akamai Edge Platform and the Public Cloud.  We are working to simplify how customers integrate multiple cloud platforms while keeping the required access keys in a system that controls who has access to the keys and how they are used, and that confirms they cannot be viewed as clear text.

Get Started with Akamai Cloud Access Manager

  1. Log in to Akamai Control Center

  2. From the hamburger menu, select ORIGIN SERVICES > Cloud Access Manager

  3. Select “New access key”

  4. Specify the Contract and the Group - this is how you can control who has access to this key.  An Akamai property is under a Contract and sometimes a Group, so you can finely control which properties have access to this key

  5. Specify the Key Name - this is the name that will be seen in Akamai Property Manager, Origin Characteristics behavior.  If you have a lot of keys, you may want to define a naming convention so you can easily find the correct key when you are adding the Origin Characteristics behavior in Akamai Property Manager

  6. Specify the Signature method, the Key ID and the Secret Access key

  7. Select Save.  Wait 10 minutes for the key to be deployed across the Akamai network before starting on the next step

  8. Open the config that will use an AWS or GCP origin in Property Manager

  9. In the Origin Characteristics behavior specify the “Authentication Method”.  At this time, we support AWS or Google Cloud:

    • AWS

    • Google Cloud

  10. Save the Property Manager configuration
