ConfiguringAvi Load Balancer for Cross-Account Role
Avi Load Balancer
for Cross-Account RoleAfter completing the prerequisite setup, you can configure the IAM role for
Avi Load Balancer
Controller as IT-AviController-Role
by following the steps mentioned in AWS Installation section. Ensure that the VPCs and subnets are configured in AWS, so that theAvi Load Balancer Controller
management interface and Service Engine’s management networks will be reachable from other accounts.The prerequisite configuration is required on AWS to set up the IAM user or roles to access other accounts using Assume Role.
- Create the AWS cloud by navigating to and click . UnderAWStab, choose the appropriateAWS Region, clickSET CREDENTIALSand selectUse IAM Rolescheck box. Ensure that theIT-AviController-Roleis attached to theAvi Load Balancer Controllerwhen it is launched for it to assume the role.Both IAM role and access/secret key can used for cross-account role given the role/user has the necessary permissions (cross-account policy).

- Select theUse Cross-Account AssumeRolecheck box, if the cloud has been set up in another AWS account. However, in this case, theAvi Load BalancerSE cloud is created in the Prod AWS account (112233445566) from theAvi Load Balancer Controllerhosted in IT AWS account (123456789012). As the cross-account AssumeRole has already been set up forIT-AviController-Role, on selecting the check box, the back-end APIs will fetch the associated AssumeRole accounts and their roles and display them in the drop-down menu. If there are no AssumeRoles attached, then the list would have been empty. The ARN of the role that the Controller instance's IAM role (in our example,AviController-Refined-Role) can assume the role, can be entered into a text box.
- Select the ARN for the account and role, where the SE targets will be deployed.

- If the role has appropriate access and is correctly setup,Avi Load Balancer Controllerwill fetch the AWS account details and configuration’s VPC networks. Similarly, this will continue for the older SE AWS cloud setup.
- Cloud setup will progress, and theAvi Load BalancerSE AMI will be copied to the target account.
- Once the transfer is completed, the cloud status will move to Cloud ready for Virtual Service placement.
- Virtual services can now be configured on this cloud by following the steps mentioned at Create a Virtual Service.