Prerequisites for granting flow log access to your CSPs

Review the prerequisites before you grant flow log access to your CSPs.

Set up flow logs before you grant flow log access to your CSPs. See Set up flow logs in your CSP environment.

To grant flow log access to AWS, Azure, and GCP, see Grant flow log access to your CSPs.

By participating in the BETA program for GCP features you agree that your company’s use of the BETA version of GCP features will be governed by Illumio’s Beta Terms and Conditions.

Note

Granting OCI flow log access is different from granting flow log access to other CSPs. See Grant OCI flow log access.

CSP-specific prerequisites

To use this feature of the Illumio Cloud Onboarding page, you need the following items, which you used when you onboarded your cloud accounts:

  • To grant AWS flow log access, you need:

    • Your Account ID, which you can select from a list

    • Your service account name, which you can select from a drop-down menu in the Grant Access... dialog box

    • Your CloudFormation Stack, which you need to create or download, similar to how you created or downloaded it when you onboarded your AWS account. See Onboarding AWS Cloud.

  • To grant Azure flow log access, you need:

    • Your Account ID, which you can select from a list

    • Your service account name, which you can select from a drop-down menu in the Grant Access... dialog box

    • Your service account token

    • Your Azure portal open in a browser window, so that you can run the PowerShell script you copied from the Grant Access... dialog box. See Onboarding Azure.

  • To grant GCP flow log access, you need:

    • Your Account ID, which you can select from a list

    • Your service account name, which you can select from a drop-down menu in the Grant Access... dialog box

    • Your service account token

    • Your Google Cloud shell open in a browser window, so that you can run the script you copied from the Grant Access... dialog box. Alternatively, you can use your local command line interface. See Onboarding GCP.

    • Permission to create an IAM role and bind it to projects and topics using the service account as the principal

  • To grant OCI flow log access, you need:

    • Your Oracle portal open in a browser window, so that you can run the Terraform file. See Onboarding OCI.