AWS IAM Policies

The Aviatrix Controller in AWS is launched by a CloudFormation script. At launch time, two IAM roles are created, aviatrix-role-ec2 and aviatrix-role-app, together with their two associated IAM policies, aviatrix-assume-role-policy and aviatrix-app-policy.

These two roles and their associated policies allow the Controller to call AWS APIs to launch gateway instances, create new route entries and build networks. As Aviatrix adds features with each release, the IAM access policy may need to be updated so the Controller is permitted to launch the new services.

This document shows you, an Aviatrix user, how to update your AWS IAM policies in the Aviatrix Controller and in AWS.

Please note that both the Aviatrix Controllers and the Aviatrix Gateways need access to the IAM policies.

Please ensure that the IAM policies are consistent across all AWS accounts in which Controllers and Gateways are located.
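One way to verify that consistency is to export the policy document from each account and diff the permissions it grants, rather than eyeballing JSON. The following is an added example, not Aviatrix's own code; it assumes each account's copy of the policy has already been exported (for instance with `aws iam get-policy-version`), and the two policy documents embedded below are constructed samples that stand in for that export, not the real contents of aviatrix-app-policy.

```python
import json

# Constructed sample documents standing in for the same managed policy as
# exported from two AWS accounts. The real aviatrix-app-policy is not
# reproduced here; account IDs are placeholders.
POLICIES_BY_ACCOUNT = {
    "111111111111": {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow",
             "Action": ["ec2:DescribeInstances", "ec2:RunInstances", "ec2:CreateRoute"],
             "Resource": "*"},
        ],
    },
    "222222222222": {
        "Version": "2012-10-17",
        "Statement": [
            # Stale copy: lacks ec2:CreateRoute and grants an action the reference does not.
            {"Effect": "Allow", "Action": "ec2:DescribeInstances", "Resource": "*"},
            {"Effect": "Allow",
             "Action": ["ec2:RunInstances", "ec2:TerminateInstances"],
             "Resource": "*"},
        ],
    },
}


def _as_list(value):
    """IAM accepts a single string or a list for Action/Resource; treat both alike."""
    return value if isinstance(value, list) else [value]


def normalize(policy):
    """Flatten a policy document into a set of (Effect, Action, Resource, Condition)
    tuples. Action names are case-insensitive in IAM, statement order is
    irrelevant, and string-vs-list is only a spelling difference, so none of
    those register as drift. NotAction/NotResource are kept distinct with a
    'not:' prefix, and the Condition block is serialised canonically."""
    grants = set()
    for stmt in _as_list(policy.get("Statement", [])):
        effect = stmt.get("Effect", "Deny")
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        actions += ["not:" + a.lower() for a in _as_list(stmt.get("NotAction", []))]
        resources = list(_as_list(stmt.get("Resource", [])))
        resources += ["not:" + r for r in _as_list(stmt.get("NotResource", []))]
        condition = json.dumps(stmt.get("Condition", {}), sort_keys=True)
        for action in actions:
            for resource in resources:
                grants.add((effect, action, resource, condition))
    return grants


def policy_drift(reference, other):
    """Return what 'other' lacks relative to 'reference' and what it grants in excess."""
    ref, oth = normalize(reference), normalize(other)
    return {"missing": sorted(ref - oth), "extra": sorted(oth - ref)}


def drift_report(policies_by_account, reference_account):
    """Compare every other account's copy of the policy against the reference account."""
    reference = policies_by_account[reference_account]
    return {
        account: policy_drift(reference, document)
        for account, document in policies_by_account.items()
        if account != reference_account
    }


if __name__ == "__main__":
    for account, drift in drift_report(POLICIES_BY_ACCOUNT, "111111111111").items():
        status = "DRIFT" if (drift["missing"] or drift["extra"]) else "OK"
        print(f"{account}: {status}")
        for grant in drift["missing"]:
            print("  missing:", grant)
        for grant in drift["extra"]:
            print("  extra:  ", grant)
```

Both "missing" and "extra" matter: a missing grant is what breaks a Controller feature after an upgrade, while an extra grant in one account is a permission nobody reviewed. Run the report against the account you updated most recently as the reference.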