Customize Aviatrix IAM Role Names for Secondary Accounts

Step 1: Navigate to AWS CloudFormation with Aviatrix CFT

• Login to Aviatrix controller GUI console

• Navigate to Access-Account page by clicking [Accounts] –> [Account Users] on the left

• Click [+ Add new] and [Launch CloudFormation Script]

  

Step 2: Download Aviatrix CFT

• Use the URL shown in the screenshot below to download Aviatrix CFT to your local computer

  

Step 3: Modify/Customize CFT

• Modify/Replace the following highlighted string with your desired role name in order to create your own IAM role, which is equivalent to “aviatrix-role-ec2”

  

  

• Modify/Replace the following highlighted string with your desired role name in order to create your own IAM role, which is equivalent to “aviatrix-role-app”

  

• If your new “aviatrix-role-app” role name doesn’t have the prefix string, “aviatrix” then you need to replace the following highlited string with your role name.

  

Important

We recommend to have the prefix string, “aviatrix” for Aviatrix IAM resources. However, if your new “aviatrix-role-app” role name doesn’t have the prefix, make sure the the IAM policy, “aviatrix-assume-role-policy” in both controller and secondary AWS accounts allows you to assume both exisiting “aviatrix-role-app” and the new “aviatrix-role-app” that you create.

Step 4: Create CFT Stack

• Use the CFT you customized from the previous step to create a CFT-Stack

  

• Enter AWS-Account-ID of the controller

  

• Click [Next] then use default configurations to create the stack

Step 5: Save the 2 IAM role ARNs

• After stack creation has been completed, click [Outputs] tab and copy the 2 ARNs for your roles

  

Step 6: Invoke Aviatrix API to Create Access Account

Click here to refer Aviatrix API documentation for API example

Step 7: Verify the work by creating an Encrypted Peering

• Click here to refer Aviatrix documentation for Encrypted Peering

• After peering, the status should be UP and Green within 1-5 minutes!

  

END