Onboard Your AWS Cloud Account

After signing up with Aviatrix Cloud Network Security Platform-as-a-Service (Aviatrix PaaS), you need to connect your cloud accounts with the Aviatrix Platform. The onboarding process creates the AWS roles and resources required for Aviatrix Platform to monitor and manage your AWS network.

You can onboard your AWS account in the Aviatrix Platform in either of two ways:

  • By using the provided CloudFormation template. Recommended for production environments.

  • By using your AWS key and secret. Recommended only for test environments.

Onboard Your AWS Account By Using CloudFormation

The CloudFormation template creates the required IAM roles and policies in AWS that allow Aviatrix to manage your cloud network. This is the recommended method for onboarding Aviatrix PaaS.

  1. In the Aviatrix Platform, go to Cloud Resources > Cloud Accounts and click +Cloud Account.

  2. Enter an Account Name and click AWS.

  3. Select AWS IAM Role and CloudFormation Script.

  4. Click Launch CloudFormation.

    The AWS CloudFormation quick create stack template opens.

  5. In the template, you can optionally modify the stack name and IAM role or leave them with their default settings.

    Do not modify the AviatrixPrincipalArn. This is the IAM role owned by Aviatrix and permitted to assume the aviatrix-platform-app role.

  6. Under Capabilities, click the acknowledgment and then click Create stack.

  7. On AWS CloudFormation > Stacks > Events, watch the Status column for CREATE_COMPLETE to display.

    Refresh the list periodically to see updates.

  8. When creation completes, click the Outputs tab and copy the Value for AviatrixRoleAppARN.

    This is the ARN in the format arn:aws:iam::<account-id>:role/aviatrix-platform-app.

    The ARN can also be viewed at IAM > Roles by clicking the aviatrix-platform-app role.

  9. Return to the Aviatrix Onboard Cloud Account dialog box, paste the value into the field AWS Role ARN, and click Next.

    You will see a Discovering Cloud Resources message that changes to a success message after a minute or two.

  10. Click Close.

  11. Verify that the new cloud account displays in the list on Cloud Accounts > Overview.
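
A post-onboarding check for the steps above, as an added example (not Aviatrix code and not part of the original page): it validates the copied AviatrixRoleAppARN against the documented format and audits the role's trust policy so that only the AviatrixPrincipalArn can assume the role. The trust policy layout is standard IAM JSON and is an assumption about what the template creates; all ARNs and account IDs are constructed placeholders.

```python
import re
from fnmatch import fnmatchcase

def parse_role_arn(arn, role_name="aviatrix-platform-app"):
    """Return the 12-digit account ID if arn has the documented format, else None."""
    m = re.fullmatch(r"arn:aws:iam::(\d{12}):role/" + re.escape(role_name), arn.strip())
    return m.group(1) if m else None

def _as_list(value):
    """IAM JSON allows a scalar or a list for Statement, Action and principals."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, expected_principal):
    """List every way a principal other than expected_principal may assume the role."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        # Action names are case-insensitive and may contain wildcards.
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        if not any(fnmatchcase("sts:assumerole", a) for a in actions):
            continue
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):  # "*" or a missing Principal element
            findings.append(f"statement {i}: principal is not limited to named ARNs")
            continue
        for kind, values in principal.items():
            for value in _as_list(values):
                if kind != "AWS" or value != expected_principal:
                    findings.append(f"statement {i}: unexpected {kind} principal {value}")
    return findings

# Constructed sample data: placeholder ARNs, not real Aviatrix or customer values.
EXPECTED = "arn:aws:iam::111111111111:role/example-aviatrix-principal"
AS_DEPLOYED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": EXPECTED}, "Action": "sts:AssumeRole"}]}
WIDENED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"AWS": [EXPECTED, "arn:aws:iam::222222222222:root"]}}]}

if __name__ == "__main__":
    print(parse_role_arn("arn:aws:iam::123456789012:role/aviatrix-platform-app"))
    for name, doc in (("as deployed", AS_DEPLOYED), ("widened", WIDENED)):
        print(name, audit_trust_policy(doc, EXPECTED) or "OK")
```

On a live account, the policy document can be read with boto3's `iam.get_role(RoleName=...)["Role"]["AssumeRolePolicyDocument"]`, and the expected principal is the AviatrixPrincipalArn value shown in the template. If you changed the IAM role name in step 5, pass that name as `role_name`.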

Onboard Your AWS Account By Using a Key and Secret

Your Aviatrix ID will be used with your AWS key and secret so that Aviatrix PaaS can perform actions on your behalf.

Onboarding with a key and secret is recommended for test environments only, not for production.

Prerequisite

You must already have an AWS key and secret before onboarding your AWS account. If you do not have permission to create credentials in AWS, contact your IAM administrator.

The Access Secret is only displayed when it is originally created. If you create a new key and secret for onboarding AWS, be sure to keep a copy of the secret in a secure place for future use.

To onboard your AWS account in Aviatrix Platform, do the following.

  1. Go to Cloud Resources > Cloud Accounts and click +Cloud Account.

  2. Enter an Account Name and click AWS.

  3. Select AWS Key/Secret.

  4. Enter the Access Key ID and Access Secret for your AWS account.

  5. Click Next.

  6. Verify that the new cloud account displays in the list on Cloud Accounts > Overview.