vmimport vmimport-role-trust.json

vmimport vmimport-role-policy.json

Enables the NSX Advanced Load Balancer SE VM to be imported into AWS. Without this IAM role, the SE cannot be launched. This role is associated with the AWS account in which Service Engines will be deployed (not with the Controller). For more details on vmimport, see VM Import/Export guide.

Yes

kmsimport avicontroller-kms-vmimport.json

Used to create an IAM policy and attached to vmimport role, or it can be directly applied to the KMS key.

Yes

AviController-Refined-Role avicontroller-role-trust.json

AviController-EC2-Policy

avicontroller-ec2-policy.json

Enables NSX Advanced Load Balancer Controller instance to be installed.

Yes

AviController-IAM-Policy

avicontroller-iam-policy.json

Enable access to retrieve IAM roles and policy information.

Yes

AviController-S3-Policy

avicontroller-s3-policy.json

Enable S3 permissions

Yes

AviController-R53-Policy

avicontroller-r53-policy.json

Enables access to the AWS cloud's DNS.

If configuring automatic DNS registration to Route53.

AviController-ASG-Policy

avicontroller-asg-policy.json

Enables read access to the AWS cloud's Auto Scaling groups.

If defining Pools based on AWS Auto Scaling Groups.

AviController-SQS-SNS-Policy

avicontroller-sqs-sns-policy.json

Enables NSX Advanced Load Balancer Controller to use SNS and SQS feature for Auto Scaling groups. Allows NSX Advanced Load Balancer Controller to receive ASG notifications when SNS and SQS features are enabled.

If SNS/SQS is enabled for notifcation-based updates for Pools based on Auto Scaling Groups.

AviController-KMS-Policy

avicontroller-kms-policy.json

Enables the NSX Advanced Load Balancer Controller to list the encryption keys in the NSX Advanced Load Balancer UI, and decrypt encrypted messages.

If SQS encryption feature is enabled.