When new features are released for Alert Logic® Cloud Insight™ and Cloud Insight Essentials, updates to the IAM policy associated with each deployment may be required. This article describes the process used to update the IAM policy in the Amazon Web Services (AWS) Management Console with the most current version from the Alert Logic console. When a new policy is released, this process will need to be completed for each deployment of Cloud Insight or Cloud Insight Essentials in your Alert Logic account.
Note: The process described below is the recommended method for updating the IAM policy for your Cloud Insight or Cloud Insight Essentials deployments; however, you can optionally create a new IAM role and policy using the instructions in the Alert Logic console. If you choose to create a new IAM role, it is recommended that you delete the previously used IAM role.
- Log in to the Alert Logic console.
- Click Configuration in the main menu and then Deployments.
- Click Edit for the necessary deployment.
- Click Role ARN in the left navigation pane. Note the role name, which is the portion of the ARN after the string “role/”. For example, if the ARN is “arn:aws:iam::123456789012:role/cloud-insight”, the role name is “cloud-insight”.
- Log in to AWS.
- In the AWS Management Console, access the role noted in step 4.
- Locate the policy and select to edit the policy in JSON format.
Note: If you used a CloudFormation template to deploy Cloud Insight/Cloud Insight Essentials, the IAM policy is an inline policy only.
- Delete the existing policy document.
- Return to the Alert Logic console. Click AWS Instructions in the left navigation pane.
- Click the Copy Policy button.
- Return to the AWS Management Console.
- Paste the new policy document.
- Review the policy to verify no errors are detected and save your changes.
If you are completing this process to resolve a remediation from the Alert Logic console, note that the remediation may take 24 hours to be removed after this process has been completed.