CloudFormation Template to deploy NetIQ Access Manager in AWS


NetIQ Access Manager 4.4 SP1 and later versions are supported for deployment in leading public clouds such as AWS and Azure.

The NAM_Deploy_AC_IDP_MAG_v1.yml CloudFormation Template (CFT) attached to this tool can be used to deploy the Access Manager components in AWS in the selected VPC.

This CFT will do the following:

    • Creates the required security groups for Admin Console, Identity Server, and Access Gateway


    • Deploys EC2 instances with SLES12 SP3 AMI


    • Provides the S3 read-only access to the created EC2 instances


    • Copies the Access Manager installer from the S3 bucket


    • Installs and configures various Access Manager components based on the parameters


    • Prints the Admin Console URL as the output.


    • This CFT deploys EC2 instance types that are not eligible for the AWS free tier. You will be charged for the instances that are deployed.


    • This CFT deploys a very basic Access Manager deployment that can be used for demonstration purposes, not for production.





    • AWS Account with AdministratorAccess.



    • Copy the above two tar files to an AWS S3 bucket and note down the bucket name and the AWS region of the S3 bucket.


Steps to deploy:


[1] Download the attachment and extract it to get NAM_Deploy_AC_IDP_MAG_v1.yml.

[2] Log in to the AWS Console and select CloudFormation under Services.

[3] In the Create a stack section, click Create new stack.



[4] In the Select Template page, under Choose a template, click the Choose File button.



Browse to NAM_Deploy_AC_IDP_MAG_v1.yml, click Open, and then click Next.

[5] In the Specify Details page, provide the following details:

    • Stack name: Provide a name for the stack.


    • Parameters: Provide the following parameters.

        1. Access Manager Configuration

            • Administrator name: Provide the admin name to be used in Access Manager deployment

            • Administrator Password: Provide the password for the Access Manager administrator

            • Access Manager deployment type: Choose one of the following options

                1. AdminConsole - for only Admin Console deployment

                2. AdminConsole_IdentityServer - for Admin Console and Identity Server deployments

                3. AdminConsole_IdentityServer_AccessGateway - for Admin Console, Identity Server, and Access Gateway deployments

        2. Access Manager Installer Location

            • S3 bucket name: Name of the S3 bucket having the Access Manager installer

            • Region: AWS region of the S3 bucket.

        3. EC2 Configuration

            • Instance Type: Choose the preferred EC2 instance type

            • Key Pair Name: Choose the existing key pair

            • VPC: Choose the desired VPC

            • Subnet: Choose the subnet.

Click Next after providing the parameters.

[6] In the next screen, provide additional options for the deployment and click Next.

[7] In the Review page, verify the details, select the acknowledgement check box in the Capabilities section, and click Create.
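
Before acknowledging the Capabilities check box in step [7], it helps to see what the template asks for. The following is an added example, not part of the attached template or of NetIQ's tooling: it reviews the JSON returned by `aws cloudformation get-template-summary` and lists password-like parameters that lack NoEcho, the capabilities requested, and the IAM resource types created. The sample summary is constructed; its parameter keys and resource types are assumptions and do not reflect the contents of NAM_Deploy_AC_IDP_MAG_v1.yml.

```python
import json

# Constructed sample shaped like the output of:
#   aws cloudformation get-template-summary --template-body file://NAM_Deploy_AC_IDP_MAG_v1.yml
# Parameter keys and resource types are assumptions, not read from the real template.
SAMPLE_SUMMARY = json.loads("""
{
  "Parameters": [
    {"ParameterKey": "AdminName", "ParameterType": "String", "NoEcho": false},
    {"ParameterKey": "AdminPassword", "ParameterType": "String", "NoEcho": false},
    {"ParameterKey": "S3BucketName", "ParameterType": "String", "NoEcho": false},
    {"ParameterKey": "KeyPairName", "ParameterType": "AWS::EC2::KeyPair::KeyName", "NoEcho": false}
  ],
  "Capabilities": ["CAPABILITY_IAM"],
  "ResourceTypes": ["AWS::EC2::SecurityGroup", "AWS::EC2::Instance",
                    "AWS::IAM::Role", "AWS::IAM::InstanceProfile"]
}
""")

# Substrings that mark a parameter as likely to carry a secret.
SECRET_HINTS = ("password", "passwd", "secret", "token")

def review_summary(summary):
    """Return a list of findings to resolve before creating the stack."""
    findings = []
    for p in summary.get("Parameters", []):
        key = p.get("ParameterKey", "")
        if any(h in key.lower() for h in SECRET_HINTS):
            if not p.get("NoEcho", False):
                findings.append(f"{key}: NoEcho is not set; value is visible in stack details")
            if p.get("DefaultValue"):
                findings.append(f"{key}: template ships a default value")
    caps = summary.get("Capabilities", [])
    iam_types = sorted(t for t in summary.get("ResourceTypes", []) if t.startswith("AWS::IAM::"))
    if caps:
        findings.append(f"requires {', '.join(caps)}; IAM resources to review: "
                        f"{', '.join(iam_types) or 'none listed'}")
    if "AWS::EC2::SecurityGroup" in summary.get("ResourceTypes", []):
        findings.append("creates security groups; check ingress CIDRs in the template")
    return findings

if __name__ == "__main__":
    for line in review_summary(SAMPLE_SUMMARY):
        print("-", line)
```

To use it on the real template, save the command's JSON output to a file and pass the parsed object to review_summary in place of SAMPLE_SUMMARY.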



In ideal cases, CloudFormation should take 30 to 45 minutes to deploy the Access Manager components.


[1] After a successful deployment, CloudFormation provides the AdminConsole URL, which can be used to log in and do the additional Access Manager configuration.



[2] Optionally, the newly deployed EC2 instances can be verified in the EC2 service console.



Next step: Log in to the Admin Console with the administrator name and password provided in the parameters and do the required configuration.


