Using AWS tags
search cancel

Using AWS tags


Article ID: 12282


Updated On:


CA Privileged Access Manager - Cloakware Password Authority (PA) CA Privileged Access Manager (PAM)


This document explains what AWS tags can be utilized by CA PAM.

For example:
{AWS tag} ==> {AWS tag Value} ==> {CA PAM Action based on AWS tag Value}

What AWS tags do we have in connection with CA PAM?


Release: 3.x


There are two AWS tags we can utilize for AWS instances.

1. PAMIgnore  ( formerly XsuiteIgnore )

PAM will not import instances with tag of "PAMIgnore"


on AWS side, add tag on the instance

   Key = PAMIgnore

   Value = <any value>


2. PamGroups ( formerly XsuiteGroups)

You can use AWS tag "PamGroups" with PAM device group to make it easier for you to create policies for the devices you may specifically use.

<How to>

on PAM side
Device group -> AWS in "provision type" and enter group name to create AWS device group

on AWS side, add tag on the instance

   Key = PamGroups

   Value = Group1,Group2,Group3

Note: There is no specific limit set for the number of groups.

Additional Information

Using AWS Tags