AWS IAM Policies

The Aviatrix Controller in AWS is launched by a CloudFormation script. During the launch time, two IAM roles are created, aviatrix-role-ec2 and aviatrix-role-app. Two associated IAM policies are also created, aviatrix-assume-role-policy and aviatrix-app-policy.

These two roles and their associated policies allow the Controller to use AWS APIs to launch gateway instances, create new route entries and build networks. As more features are added by Aviatrix with each release, the IAM Access Policy may need to be updated to allow the Controller to launch new services.

This document shows you how to update your AWS IAM policies in Aviatrix Controller and Aviatrix CoPilot.

Please note that both the Aviatrix Controllers and the Aviatrix Gateways need access to the IAM policies.

Please ensure that IAM policies are consistent across all AWS accounts that the Controllers and Gateways are located in.