Roles Created by Multicloud Defense
This document explains the details of the IAM roles created by the CloudFormation template used in the previous section.
The CloudFormation template creates the following three IAM roles and one CloudWatch Event rule:
- Multicloud DefenseControllerRole - Used by Multicloud Defense to connect to your AWS cloud account.
- Multicloud DefenseFirewallRole - Used by the Multicloud Defense instances running in your cloud account to access S3, Secrets Manager, and KMS.
- Multicloud DefenseCloudWatchEventRole - Used by the CloudWatch Event rule to transfer inventory changes to Multicloud Defense.
- Multicloud DefenseCloudWatchEventRule - A rule created on CloudWatch Events to transfer inventory changes to Multicloud Defense. The rule assumes the Multicloud DefenseCloudWatchEventRole defined above, which provides the permissions to transfer CloudWatch Events.