Skip to content

Valtix Documentation

AWS Overview for integrating with Valtix Controller

Valtix Documentation

Valtix Home
User Guide
User Guide
- Overview
- Cloud Provider Setup
  Cloud Provider Setup
  - AWS
    AWS
    
    Overview Overview
    Table of contents
    
    Overview of steps
    
    Cloud Formation
    
    Route53 Logging
    
    VPC Flow Logs
    
    Tech Notes
    Tech Notes
    
    IAM Roles
    
    Discovery Features
    
    VPC Setup
  - Azure
    Azure
    
    Overview
    
    AD Application
    
    Custom Role
    
    Marketplace Terms
    
    User Assigned Identity
    
    VNet Setup
  - GCP
    GCP
    
    Overview
    
    Enable API
    
    Service Accounts
    
    VPC Setup
- Cloud Account
  Cloud Account
  - AWS
  - Azure
  - GCP
- Inventory & Security Insights
  Inventory & Security Insights
- Discovery
  Discovery
- Security Gateways
  Security Gateways
  - Overview
  - Deployment
    Deployment
    
    AWS
    AWS
    
    Edge/VPC Mode
    Edge/VPC Mode
    
    Ingress
    
    Egress
    
    East-West
    
    Hub Mode using Transit Gateway
    Hub Mode using Transit Gateway
    
    Service VPC
    
    Ingress
    
    Egress
    
    East-West
    
    Protect Spoke VPCs
    
    Azure
    Azure
    
    Ingress
    
    Egress
    
    East-West
    
    Service VNet
    
    GCP
    GCP
    
    Ingress
    
    Egress
- Address & Service Objects
  Address & Service Objects
- Security Policy
  Security Policy
  - Ruleset
  - Rules
- TLS and Decryption
  TLS and Decryption
  - Certificates & Keys
  - Decryption
  - Tech Notes
    Tech Notes
    
    Azure Key Vault
    
    AWS KMS
    
    Self-Signed Certificates
- Network Threats
  Network Threats
- WAF and Application Threats
  WAF and Application Threats
  - WAF (Web Application Firewall)
  - L7 DoS (L7 Denial of Service)
- FQDN and URL Filtering
  FQDN and URL Filtering
  - FQDN
  - URL
- Packet Capture
  Packet Capture
  - Packet Capture
- Investigate & Analysis
  Investigate & Analysis
  - System Status
    System Status
    
    Audit Logs
    
    System Logs
  - Flow Analytics
    Flow Analytics
    
    Overview
    
    All Events
    
    Flow Logs
    
    Firewall Events
    
    Network Threats
    
    Web Attacks
    
    HTTPS Logs
    
    URL Filtering
    
    FQDN Filtering
    
    Session Summary
    
    Traffic Summary
  - Network Analytics
    Network Analytics
    
    Stats
- Alerts & Notification
  Alerts & Notification
  - Overview
  - ServiceNow
  - Pagerduty
  - Slack
- Log Forwarding
  Log Forwarding
  - Splunk
  - Datadog
  - Syslog
- Users & Settings
  Users & Settings
AWS Tutorials
AWS Tutorials
- Egress - Hub (Centralized)
  Egress - Hub (Centralized)
FAQ
FAQ
- FAQ
Release Notes
Release Notes

AWS Overview¶

Overview of steps¶

Create a cross account IAM role that's used by the Valtix Controller to manage your cloud account
Create an IAM role that is assigned to the Valtix Gateway EC2 instances that run in your account
Create a CloudWatch event rule that transfers the management events to the Valtix Controller
Create an IAM role that is used by the above CloudWatch event rule that gives it the permissions to do the transfer of the management events
Optionally create a S3 bucket in your account to store CloudTrail Events, Route53 DNS query logs and VPC Flow Logs
Enable Route53 DNS Query Logging with the destination as the S3 Bucket created above and select the VPCs for which query logging must be enabled
Enable CloudTrail to log all the management events to the S3 Bucket created above
Enable VPC Flow Logs with destination as the S3 Bucket created above

Next section(s) provide the details on configuring the above items