To enable discover, deploy, and defend approach, Valtix controller would use IAM roles in the AWS account. You can use the provided AWS CloudFormation Template(CFT) to create these IAM roles
Run CloudFormation Template¶
To grant the required permissions for Valtix Controller to perform cloud asset discovery and traffic visibility, run the following CFT.
- Enter the parameter values as required:
Parameter Description Sample Value Deployment Name This value is used internally for Valtix. Leave it as default "prod1" prod1 ExternalID This value will be generated by Valtix Controller later on in this tutorial. 123456789 RoleNamePrefix RoleNamePrefix will be used to prepend to the roles that CFT will create. valtix S3Bucket Name of the S3 bucket that will created for inventory and discovery purposes. Refer to AWS for naming requirements valtix.tutorial.<random number> ValtixControllerAccount This is the AWS account ID of Valtix Controller. Please contact firstname.lastname@example.org 705482507833
Select the checkbox I acknowledge that AWS CloudFormation might create IAM resources with custom names, and then click Create Stack.
- Check the Events and Outputs tab of the CloudFormation Stack details for the progress. Allow 2 to 3 minutes for successful completion. If an error is displayed, check the AWS message to verify that the user running the CloudFormation template has the required IAM permissions to run templates and create IAM roles.
If your CloudFormation stack fails, then click on the Events tab and scroll down to find the source of the error. If you see message like "<your_chosen_bucket_name> already exists" then re-do the CloudFormation, but specify a more unique bucket name.
Once CloudFormation stack creation completes, the Outputs tab will generate values for the the resources that got created. These values will be needed for configuration settings in Valtix Controller.
Here are the outputs:
|CurrentAccount||AWS Account ID where applications run and Valtix Gateways will be deployed|
|ValtixControllerRoleArn||IAM role ValtixControllerRole in ARN format.|
|ValtixFirewallRoleName||Name of IAM role for Valtix Gateway.|
|ValtixS3BucketArn||S3 bucket in ARN format|
|ValtixS3BucketName||Name of S3 bucket|