AWS Overview
Before a cloud account can be onboarded to the Valtix Controller, certain steps must be performed in that account. These steps are listed below. The list is intended as an overview of the operation, not as a procedure to be performed manually. For easy deployment, Valtix has created a CloudFormation template that you can deploy in the cloud account. The CloudFormation section describes the deployment and its parameters.
Overview of steps
- Create a cross account IAM role that's used by the Valtix Controller to manage your cloud account
- Create an IAM role that is assigned to the Valtix Gateway EC2 instances that run in your account
- Create a CloudWatch event rule that transfers the management events to the Valtix Controller
- Create an IAM role that is used by the above CloudWatch event rule and gives it the permissions to transfer the management events
- Optionally create an S3 bucket in your account to store CloudTrail Events, Route53 DNS query logs and VPC Flow Logs
- Enable Route53 DNS Query Logging with the destination as the S3 Bucket created above and select the VPCs for which query logging must be enabled
- Enable CloudTrail to log all the management events to the S3 Bucket created above
- Enable VPC Flow Logs with destination as the S3 Bucket created above
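The cross-account IAM role in the first step is the item most worth reviewing after deployment, because its trust policy decides who outside your account can assume it. The following is an added example, not Valtix's code or template: a small offline audit of a trust policy document. The account ID `111122223333`, the external ID value and the sample policies are constructed placeholders, and the `sts:ExternalId` check reflects general AWS guidance for third-party cross-account roles, since this page does not list the role's actual trust policy.

```python
def _as_list(value):
    """IAM allows a single value or a list in most policy fields."""
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, expected_account_id):
    """Return findings for a role trust policy (AssumeRolePolicyDocument).

    expected_account_id is the one external account that should be trusted
    (assumption: a placeholder here, take the real value from your deployment).
    """
    findings = []
    arn_prefix = f"arn:aws:iam::{expected_account_id}:"
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        actions = _as_list(stmt.get("Action", []))
        if stmt.get("Effect") != "Allow" or not any(
                a in ("sts:AssumeRole", "sts:*", "*") for a in actions):
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            aws_principals = ["*"]
        else:
            aws_principals = _as_list(principal.get("AWS", []))
        if not aws_principals:
            continue  # service principal only, e.g. an EC2 instance role
        for p in aws_principals:
            if p == "*":
                findings.append(f"statement {i}: any AWS principal may assume the role")
            elif p != expected_account_id and not p.startswith(arn_prefix):
                findings.append(f"statement {i}: unexpected principal {p}")
        # Exact-case key lookup; IAM itself treats condition keys case-insensitively.
        external_id = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if not external_id:
            findings.append(f"statement {i}: no sts:ExternalId condition")
    return findings

def _policy(principal, condition=None):
    """Build a constructed single-statement trust policy for the samples below."""
    stmt = {"Effect": "Allow", "Principal": principal, "Action": "sts:AssumeRole"}
    if condition:
        stmt["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [stmt]}

EXT = {"StringEquals": {"sts:ExternalId": "constructed-external-id"}}
SCOPED = _policy({"AWS": "arn:aws:iam::111122223333:root"}, EXT)    # expected shape
OPEN = _policy({"AWS": "*"})                                        # weak: anyone, no external ID
WRONG_ACCOUNT = _policy({"AWS": "arn:aws:iam::444455556666:root"}, EXT)
INSTANCE_ROLE = _policy({"Service": "ec2.amazonaws.com"})           # gateway-style EC2 role

if __name__ == "__main__":
    for name in ("SCOPED", "OPEN", "WRONG_ACCOUNT", "INSTANCE_ROLE"):
        print(name, audit_trust_policy(globals()[name], "111122223333"))
```

To audit a deployed role, pass in the document returned under `AssumeRolePolicyDocument` by `aws iam get-role`.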
The following sections provide the details on configuring the above items.