Amazon

AWS

Access Requests

Manual target selection

Add Access

Risk Analysis
Designer
Provisioning
Verifier

Remove Access

Designer
Verifier

Server Decommission

Impact Analysis
Verifier

Rule Decommission

Rule Decommission from Policy Browser

Rule Modification Rule Modification from Policy Browser

Rule Recertification

Update metadata

Notes for AWS:

  • Nested SGs are not supported as source or destination in an access request.
  • When Topology is enabled for an access request, Designer results do not include AWS VPCs even if the VPCs are relevant for the access request traffic path.
  • Unattached SGs cannot be provisioned. SG must contain at least one VM instance in order to be provisioned.
  • Verifier is not supported with AWS VPCs.
  • Remove access provisioning runs only when the existing rule exactly matches the remove request.