Customize Aviatrix IAM Role Names for Secondary Accounts

Step 1: Navigate to AWS CloudFormation with Aviatrix CFT

  • Log in to the Aviatrix controller GUI console

  • Navigate to the Access-Account page by clicking [Accounts] -> [Account Users] on the left

  • Click [+ Add new] and [Launch CloudFormation Script]

    image1


Step 2: Download Aviatrix CFT

  • Use the URL shown in the screenshot below to download the Aviatrix CFT to your local computer

    image2


Step 3: Modify/Customize CFT

  • Modify/Replace the following highlighted string with your desired role name in order to create your own IAM role, which is equivalent to “aviatrix-role-ec2”

    image3

    image4

  • Modify/Replace the following highlighted string with your desired role name in order to create your own IAM role, which is equivalent to “aviatrix-role-app”

    image5

  • If your new “aviatrix-role-app” role name doesn’t have the prefix string “aviatrix”, then you need to replace the following highlighted string with your role name.

    image11

Important

We recommend keeping the prefix string “aviatrix” for Aviatrix IAM resources. However, if your new “aviatrix-role-app” role name doesn’t have the prefix, make sure the IAM policy “aviatrix-assume-role-policy” in both the controller and secondary AWS accounts allows you to assume both the existing “aviatrix-role-app” and the new “aviatrix-role-app” that you create.
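The check described in the note above, as an added example (not Aviatrix code): it evaluates an assume-role policy document against a list of role ARNs and reports the ones it does not allow. The sample policy, the account ID 111111111111 and the role name "netops-role-app" are constructed placeholders, and the evaluation assumes statements use only Effect, Action and Resource (no NotAction, NotResource or Condition).

```python
import json
import re

# Constructed sample: a policy that only permits roles named "aviatrix-*".
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["sts:AssumeRole"],
     "Resource": "arn:aws:iam::*:role/aviatrix-*"}
  ]
}
""")

def _as_list(value):
    """IAM allows a single string or a list for Statement/Action/Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _matches(pattern, value, ignore_case=False):
    """IAM wildcards: '*' is any run of characters, '?' is one character."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    flags = re.IGNORECASE if ignore_case else 0
    return re.fullmatch(regex, value, flags) is not None

def _applies(stmt, role_arn):
    """True if the statement covers sts:AssumeRole on this role ARN."""
    actions = _as_list(stmt.get("Action"))      # action names are case-insensitive
    resources = _as_list(stmt.get("Resource"))  # ARNs are matched case-sensitively
    return (any(_matches(a, "sts:AssumeRole", True) for a in actions)
            and any(_matches(r, role_arn) for r in resources))

def can_assume(policy, role_arn):
    """An explicit Deny wins; otherwise at least one Allow is required."""
    effects = {s.get("Effect") for s in _as_list(policy.get("Statement"))
               if _applies(s, role_arn)}
    return "Allow" in effects and "Deny" not in effects

def uncovered_roles(policy, role_arns):
    """Role ARNs the policy would not let the principal assume."""
    return [arn for arn in role_arns if not can_assume(policy, arn)]

if __name__ == "__main__":
    roles = ["arn:aws:iam::111111111111:role/aviatrix-role-app",
             "arn:aws:iam::111111111111:role/netops-role-app"]  # hypothetical custom name
    print(uncovered_roles(SAMPLE_POLICY, roles))
```

Run it against the policy JSON exported from both the controller account and the secondary account; an empty result means both the existing and the renamed role are covered.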


Step 4: Create CFT Stack

  • Use the CFT you customized from the previous step to create a CFT-Stack

    image6

  • Enter AWS-Account-ID of the controller

    image7

  • Click [Next] then use default configurations to create the stack


Step 5: Save the 2 IAM role ARNs

  • After stack creation has completed, click the [Outputs] tab and copy the 2 ARNs for your roles

    image8


Step 6: Invoke Aviatrix API to Create Access Account

Click here to refer to the Aviatrix API documentation for an API example

image9

Step 7: Verify the work by creating an Encrypted Peering


END