Add AWS Account to the Valtix Controller

Once you have prepared the AWS account as described in the previous sections, you can link that cloud account to the Valtix Controller.

Add Cloud account

  1. Log in to the Valtix Dashboard using the credentials provided by Valtix
  2. Click Manage -> Accounts
  3. Click Add Account
  4. Click the CloudFormation Template link. This should open another tab to deploy the CloudFormation template (CFT). You must log in to AWS.
  5. Select the AWS region. Even though IAM is region independent, this template creates a CloudWatch Event Rule that requires a region.
  6. Enter the parameters in the CFT.

    | Parameter | Description |
    | --- | --- |
    | Stack Name | Name of the CloudFormation stack. |
    | Valtix Controller's Deployment Name | This field is auto-filled with the correct deployment name. This is the Valtix Controller name assigned to you. |
    | Valtix Controller's Account Number | This field is auto-filled with the correct Account ID. This is the AWS Account ID where the Valtix Controller operates. This account is owned and operated by Valtix. |
    | External ID used for cross account IAM Role's Trust Settings | This field is auto-filled with the external ID shown on the Valtix Controller's Add Account page. |
    | Prefix to use for all the IAM Role Names | Prefix added to all of the IAM roles that are created. Using valtix as the prefix is recommended so that you can easily identify the roles created for Valtix on the IAM page. |
    | S3 Bucket Name | Name of the S3 bucket used to store the Route53 DNS Query Logs, CloudTrail events and the VPC Flow Logs. The content of the bucket is read by the Valtix Controller and used for Inventory/Discovery purposes. Providing a name is recommended so that the S3 bucket is created for the Discovery features from Valtix. If an S3 bucket name is not provided, Inventory/Discovery features will not work. |
    | VPC Id for which VPC Flow Logs and Route53 Logging is enabled | The VPC ID where you want to enable VPC flow logs and DNS query logs. |
  7. Navigate back to the Valtix Dashboard to complete onboarding of AWS account.

  8. Type a name for this AWS account. You can choose to name this the same as your AWS account name. This name is visible on the Valtix Controller only.
  9. Provide your AWS account number. This number can be found in the output value CurrentAccount of the CFT.
  10. Type the IAM role ARN of valtix-controller-role (in the CFT, this is the output value ValtixControllerRoleArn).
  11. Ensure that the External ID shown is the same as the external ID in the IAM role valtix-controller-role that was deployed as part of the CFT deployment. If they are not the same, use the following steps to change it:
    1. On the AWS console, edit the IAM role valtix-controller-role (the default name created by the CFT unless you override it with a different prefix)
    2. Under the Trust relationships tab, click Edit trust relationship
    3. Replace the IAM role external ID with the External ID shown on the Valtix Dashboard UI and save
    4. Wait approximately 10 seconds before continuing on the Valtix Dashboard
    5. Click Finish

CloudFormation Outputs

From the Outputs tab, copy and paste the following information into a text editor:

  • CurrentAccount (This is your AWS Account ID where applications run and Valtix Gateways will be deployed)
  • ValtixControllerRoleArn
  • ValtixFirewallRoleName
  • ValtixInventoryRoleArn
  • ValtixS3BucketArn
  • ValtixS3BucketName