AWS Overview
Overview of steps
- Create a cross account IAM role that's used by the Valtix Controller to manage your cloud account
- Create an IAM role that is assigned to the Valtix Gateway EC2 instances that run in your account
- Create a CloudWatch event rule that transfers the management events to the Valtix Controller
- Create an IAM role for the above CloudWatch event rule that gives it permission to transfer the management events
- Optionally create an S3 bucket in your account to store CloudTrail Events, Route53 DNS query logs and VPC Flow Logs
- Enable Route53 DNS Query Logging with the destination as the S3 Bucket created above and select the VPCs for which query logging must be enabled
- Enable CloudTrail to log all the management events to the S3 Bucket created above
- Enable VPC Flow Logs with destination as the S3 Bucket created above
The next section(s) provide the details on configuring the above items.