Amazon

AWS

Access Requests

Manual target selection

Add Access

Risk Analysis

Designer

Provisioning

Verifier

Remove Access

Designer

Verifier

Decommission Network Object

Impact Analysis

Verifier

Rule Decommission

Rule Decommission from the Rule Viewer

Rule Recertification

Update metadata

Notes for AWS:

• Nested SGs are not supported as source or destination in an access request.
• When Topology is enabled for an access request, Designer results do not include AWS VPCs even if the VPCs are relevant for the access request traffic path.
• Unattached SGs cannot be provisioned. SG must contain at least one VM instance in order to be provisioned.
• Verifier is not supported when AWS SG was selected in non-topology mode Access request.
• Remove access provisioning runs only when the existing rule exactly matches the remove request.