Enable read-write permissions
Enable read and write permissions for Illumio to enforce Azure subscription and AWS account policies after onboarding.
Note
Use Case: You onboarded an Azure subscription with read-only permissions. You have now decided that you want to write application policies for Illumio Segmentation for the Cloud to enforce on your subscription. You must enable read and write permissions.
Note
If you have not enabled read and write permissions for your subscription, you'll need the following:
Permissions to run the provided read access script. See Prerequisites for Onboarding Azure and Permissions for Onboarding Azure. If you don't have permissions, see Change Azure permissions from read to read and write.
A service account and its token
Note
If you change your AWS account from read to read and write by downloading the CloudFormation Stack, you must use the same role as you did during the initial onboarding for that account. This restriction does not apply if you instead click the link recommended in the wizard.
If you do not run the original CloudFormation Stack, you may see an error like the following:
"Read to Read Write cannot be completed. Please delete and reonboard the AWS integration"
If you see such an error, re-onboard the AWS account as though you had never run the CloudFormation template as a stack in the first place.
If you wish to change an organization's child accounts to read and write, you must first run the CloudFormation template on the organization to update its permissions and then run the CloudFormation template as a stackset so that the update occurs in the child AWS accounts. See Onboard an AWS Cloud organization.
Enable read-write steps
If your subscription has read permissions only, browse to Onboarding and select your account.
Click Enable Read Write.
The Read-Write Access Setup dialog displays with the following options:
Start with Security review before Enable Read Write Access (recommended)
This option allows you to review and approve your subscription policies before you enforce any application policies on your subscription. See Security reviews.
Enable Read Write Access and skip security review
This option automatically approves the security review without giving you the benefit of reviewing your subscription policy enforcement. That review reduces the risk of implementing ineffective rules.
Click Acknowledge and Approve.