Skip to content

AWS Setup

To enable discover, deploy, and defend approach, Valtix controller would use IAM roles in the AWS account. You can use the provided AWS CloudFormation Template(CFT) to create these IAM roles

Run CloudFormation Template

  1. To grant the required permissions for Valtix Controller to perform cloud asset discovery and traffic visibility, run the following CFT.

    • Enter the parameter values as required:
    Parameter Description Sample Value
    Deployment Name This value is used internally for Valtix. Leave it as default "prod1" prod1
    ExternalID This value will be generated by Valtix Controller later on in this tutorial. 123456789
    RoleNamePrefix RoleNamePrefix will be used to prepend to the roles that CFT will create. valtix
    S3Bucket Name of the S3 bucket that will created for inventory and discovery purposes. Refer to AWS for naming requirements valtix.tutorial.<random number>
    ValtixControllerAccount This is the AWS account ID of Valtix Controller. Please contact support@valtix.com 705482507833

  2. Select the checkbox I acknowledge that AWS CloudFormation might create IAM resources with custom names, and then click Create Stack.

  3. Check the Events and Outputs tab of the CloudFormation Stack details for the progress. Allow 2 to 3 minutes for successful completion. If an error is displayed, check the AWS message to verify that the user running the CloudFormation template has the required IAM permissions to run templates and create IAM roles.

Note

If your CloudFormation stack fails, then click on the Events tab and scroll down to find the source of the error. If you see message like "<your_chosen_bucket_name> already exists" then re-do the CloudFormation, but specify a more unique bucket name.

Outputs

Once CloudFormation stack creation completes, the Outputs tab will generate values for the the resources that got created. These values will be needed for configuration settings in Valtix Controller.

Here are the outputs:

Parameter Description
CurrentAccount AWS Account ID where applications run and Valtix Gateways will be deployed
ValtixControllerRoleArn IAM role ValtixControllerRole in ARN format.
ValtixFirewallRoleName Name of IAM role for Valtix Gateway.
ValtixS3BucketArn S3 bucket in ARN format
ValtixS3BucketName Name of S3 bucket