IRP for Cloud – Setup


IRP for Cloud satellite VM

IRP for Cloud service is enabled by a satellite VM running in a customer’s VPC and automating the service.
The following apply:

  • Available on the Marketplace
  • Requires an assigned IAM role so that it is able to:
    • request and install a Virtual Interface/Gateway;
    • enable Route propagation from IRP for Cloud service;
    • monitor VPC operation and update IRP for Cloud with changes;
    • restore to previous configuration in case of incidents.
Note: AWS Identity and Access Management (IAM) role enables IRP for Cloud running on Amazon EC2 to use temporary security credentials. The role’s permissions determine what the IRP for Cloud is allowed to do. Reliance on IAM roles is one of the Amazon’s best practices to help secure your AWS resources.

Launching IRP for Cloud satellite VM

Launch the IRP for Cloud AMI from the AWS Marketplace and choose the desired EC2 instance type. Create an IAM role or use the existing one with the following characteristics:

  • EC2 trusted entity with the following policies
  • “AmazonEC2FullAccess”,
  • “AWSDirectConnectFullAccess”,
  • “AWSMarketplaceMeteringFullAccess”
Note: Refer to the next section to see how to create an IAM role with the above characteristics, otherwise proceed to “IRP for Cloud satellite VM Web interface” section.

In Launch wizard at step 3 assign the VM a corresponding IAM role and proceed to the following steps to launch the instance.

Launch IRP for Cloud sat VM

Creating an IAM role for the IRP for Cloud satellite VM

Access your AWS Management Console using your Amazon credentials.

To create an IAM role navigate in your AWS console to:

  • “Services” > “Security, Identity & Compliance” > “IAM”

create IAM role navigate in AWS console


Add an IAM role

Navigate to “Roles” and create a new one.

add IAM role


Set EC2 as a trusted entity

Choose “EC2” when selecting the service that will use the role.

Choose “EC2” again when selecting the use case down below and click “Next:Permissions”.

Warning: The role must be created for EC2 entity. Roles created for other entities will not work.

Set EC2 as a trusted entity

Assign allowed policies
Select the following policies to be attached to the new role from the list:

  • “AmazonEC2FullAccess”,
  • “AWSDirectConnectFullAccess”,
  • “AWSMarketplaceMeteringFullAccess”

Assign allowed policies

Name the IAM role and submit

While here also review that the following sections are identical to the screenshot below:

  • Trusted entities
  • Policies

name IAM role and submit

IRP for Cloud satellite VM Web interface

The satellite VM comes with a simple Web interface that displays the status of various required component of the setup.
Navigate using a web browser to the cloud provider assigned resource and login with admin/instance-id user credentials (paste ‘admin’ value into the username field and the IRP for Cloud instance ID value into the password field):
signing in


After a successful login, a similar interface will list the status of various service components.

aws credentials

IRP for Cloud setup process is expected to take 10-15 minutes. The service status page refreshes every 30 seconds.

In case you encounter issues during the setup process, please contact Noction support team by writing to or by calling (650) 903-7028.

Once IRP for Cloud is setup, feel free to navigate to the IRP for Cloud frontend at Use your cloud provider credentials to login

IRP for Cloud satellite VM CLI command

You can run the following command in your cloud provider CLI application:

IRP for Cloud Status check:

IRP for Cloud Status check