
IAM roles and permissions

Identity and Access Management (IAM) roles and permissions for Network Security enable various features within the application, including Network Security managed services. To enable this functionality, create an IAM policy and attach it to an IAM role. Select the IAM role option best suited to your specific deployment. Learn more about creating IAM roles on AWS.

Updating IAM roles

If your virtual appliance is behind an Application Load Balancer (ALB), we recommend that you get the updated version of permissions for your Network Security deployments. Depending on how they were created, you can update IAM roles and permissions in the following two ways:

Option 1: Updating IAM roles and permissions created using a CloudFormation stack:

  1. Navigate to the Network Security management console and select Network > Accounts. Hover over the account with outdated roles and permissions and click the icon to remove the cloud account. Click Remove Account to confirm removal.
  2. From your AWS management console, select the region that contains the stack with the outdated permissions.
  3. Locate the C1NS-Cloud-Account-Management stack and delete it.
  4. Delete the outdated roles and permissions in your AWS account.
  5. Use the new account wizard to add your account and add the appropriate roles and permissions.

Option 2: To update manually created IAM roles and permissions, follow the steps listed above, with the exception of Step 3.
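A read-only inventory that supports steps 2 to 4, as an added example that is not part of the Network Security documentation: it finds the regions that hold the C1NS-Cloud-Account-Management stack, lists the IAM roles that stack owns, and later reports which of those roles still exist. It assumes the AWS CLI is installed and configured with read access; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not vendor code). Every call below is read-only.
STACK_NAME="C1NS-Cloud-Account-Management"   # stack name from step 3

# Step 2: print each region in which the stack currently exists.
# describe-stacks fails for a name that is absent or fully deleted.
find_stack_regions() {
  local region
  for region in $(aws ec2 describe-regions \
                    --query 'Regions[].RegionName' --output text); do
    if aws cloudformation describe-stacks --stack-name "$STACK_NAME" \
         --region "$region" >/dev/null 2>&1; then
      echo "$region"
    fi
  done
}

# Before step 3: print the names of the IAM roles the stack owns in region $1.
# Run this before deleting the stack; afterwards the lookup no longer works.
list_stack_roles() {
  aws cloudformation list-stack-resources --stack-name "$STACK_NAME" \
    --region "$1" --output text \
    --query "StackResourceSummaries[?ResourceType=='AWS::IAM::Role'].PhysicalResourceId"
}

# After step 4: print every role name passed in that still exists.
# Empty output means none of the recorded roles remain.
leftover_roles() {
  local role
  for role in "$@"; do
    if aws iam get-role --role-name "$role" >/dev/null 2>&1; then
      echo "$role"
    fi
  done
}

# Stand-alone use: ./inventory.sh inventory
if [ "${1:-}" = "inventory" ]; then
  for r in $(find_stack_regions); do
    echo "== $r"; list_stack_roles "$r"
  done
fi
```

Save the role names printed before deleting the stack, then pass them to `leftover_roles` after step 4 and before running the new account wizard in step 5.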