Type a Role Name and optional Role description, and then click Create Role. Select the check box next to the matching policy. You can use the Filter Policies option and select Customer managed to help locate the policy. From the list of policies, locate the previously created policy. On the Create role page, click Another AWS Account. To create an IAM role in the AWS console: If you created both policies, you can use the same role for both policies. 
The next step in the AWS console is to create a role that uses one of the IAM policies you created. Copy the contents of the policy document iam-policy-WAF.txt and replace the text in the policy editor.
#AWS QWIKI LABS IAM ROLES UPDATE#
To create an IAM policy to update AWS WAF IP sets: AWS WAF rule associating the IP set with the Web ACL.AWS WAF IPv4 IP set created (IPv6 IP set is also supported if you want to use the connection for the playbook task Update AWS WAF IP Set.).AWS WAF (v2) Web ACL configured, either regional or CloudFront.Add IP addresses to or remove them from an AWS WAF IP setīefore you begin, ensure your setup in AWS meets the following prerequisites for this integration:.On the Review Policy page, type a Policy Name and optional Description for the policy.Ĭreate an IAM policy to update AWS WAF IP sets.Copy the contents of the policy document iam-policy-user.txt and replace the text in the policy editor.
From the IAM Management Console, click Create Policy. In your AWS account where you want Alert Logic to run automated responses, go to. To create an IAM policy to manage AWS users: Manage IAM users, which includes disabling or enabling user accounts but not adding or deleting them. Perform policy simulation to help produce better error messages if the policy is not implemented correctly. The policy document you use in this procedure grants access for Alert Logic to perform these actions only: In that case, you can create one role in Create an IAM role in the AWS console that grants Alert Logic permission to both manage users and update IP addresses in AWS WAF IP sets. If you grant permission to update AWS WAF IP sets, you can perform the simple response AWS WAF IP Set: Block External IP Address.Ĭomplete one or both of the following procedures, depending on your goals for the connection to AWS.Īlert Logic provides separate policy documents in the following procedures, but you can combine them if you prefer. If you use the policy document that grants permission to manage AWS users, you can perform the simple response AWS IAM Role: Disable User. Use the connection in automated responseĪlert Logic provides separate IAM policy documents that grant Alert Logic permission to perform actions in AWS. Create the AWS IAM Role connection in the Alert Logic console. Create an IAM policy in the AWS console. For further questions about the steps performed in the AWS console, or if your interface looks different, contact AWS support. In the AWS console, you can create multiple IAM roles, which grant different permissions based on the policy document you use to create the role.Īlert Logic provides the following steps to help you create the connection. To create the connection, Alert Logic requires the ARN for the AWS IAM role that grants access to perform specific actions in your AWS account. An AWS IAM Role connection securely stores reusable credential information for integrations with Amazon Web Services (AWS).
0 kommentar(er)
