Double assignment policies are standard behavior in Discovery-enabled Amazon Web Services (AWS) environments using Cross-Account Roles and Microsoft Azure environments using RBAC roles.
When a role is implemented in AWS or Azure for an appliance, a default assignment policy is automatically created for the appliance and VPC or VNET it resides in. If this is not the first appliance deployed in the VPC or VNET, the policy will be updated to include the new appliance. This policy can be thought of as the "VPC policy" or "VNET policy".
Another assignment policy that corresponds specifically to the appliance is also automatically created and only contains the new appliance. This happens in order to provide an easy way for users to point agents to a specific appliance. This can be done by linking agent sources to the appliance-specific policy. This policy can be thought of as the "appliance-specific policy".
The VPC policy or VNET policy contains the VPC or VNET identified, while the appliance-specific policy contains the appliance itself.
Comments
0 comments
Please sign in to leave a comment.