
Deploying Changes in AWS




© 2026 Sonrai Security. All rights reserved.

Overview

Once you have reviewed your Pending Changes, it's time to deploy those changes in your AWS Org through a method of your choosing:

  • AWS console
  • Terraform
  • etc.
Tip: See below for help with drift detection & remediation through your IaC template(s)!


Deploying Your Changes

AWS Console

  1. Log in to your AWS Master/Organization Account & navigate to CloudFormation

  2. Click

  3. Upload the CloudFormation template downloaded from Sonrai's Cloud Permissions Firewall

[AI GENERATED] The AWS CloudFormation 'Create Stack' page showing the option to upload the CloudFormation template downloaded from Sonrai's Cloud Permissions Firewall.

  4. Give the stack a name of your choosing

[AI GENERATED] The AWS CloudFormation 'Specify stack details' page showing the stack name input field.

  5. Click Next, making no changes

[AI GENERATED] The AWS CloudFormation 'Configure stack options' page showing no changes are required before clicking Next.

  6. Review and create, clicking Submit (making no further changes)

[AI GENERATED] The AWS CloudFormation 'Review' page showing the stack configuration summary before clicking Submit.
[AI GENERATED] The AWS CloudFormation review page showing the acknowledgment checkbox and Submit button to create the stack.

  7. Review the newly created stack & policies

[AI GENERATED] The AWS CloudFormation stack detail view showing the newly created stack and its status after deployment.
[AI GENERATED] The AWS CloudFormation stack resources view showing the policies created by the deployed Cloud Permissions Firewall stack.

Terraform

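To keep the Cloud Permissions Firewall and Terraform consistent with each other, include the ignore_tags block below in each of your AWS provider configurations. Without it, Terraform reports the cpf and cpf-z tags applied by the Cloud Permissions Firewall as tag drift.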

ignore_tags {
  keys = ["cpf", "cpf-z"]
}
[AI GENERATED] A Terraform AWS provider configuration file showing the ignore_tags block with the cpf and cpf-z tag keys to prevent IaC tag drift caused by Cloud Permissions Firewall.

Reference: See here for more information on Terraform ignore tags.
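One way to confirm that every AWS provider block, aliased ones included, carries the ignore_tags keys described above. This is an added example, not Sonrai's or Terraform's code: the function names and the sample configuration are constructed for illustration. It uses a simple brace matcher rather than a full HCL parser, so it assumes no escaped quotes inside strings and no braces inside comments.

```python
import re

REQUIRED_KEYS = {"cpf", "cpf-z"}  # tag keys named on this page

# Constructed sample: the default provider has the block, the aliased one does not.
SAMPLE_TF = '''
provider "aws" {
  region = "us-east-1"
  ignore_tags {
    keys = ["cpf", "cpf-z"]
  }
}

provider "aws" {
  alias  = "west"
  region = "us-west-2"
}
'''

def block_body(text, open_idx):
    """Return the text between the '{' at open_idx and its matching '}'."""
    depth, in_str = 0, False
    for i in range(open_idx, len(text)):
        ch = text[i]
        if ch == '"':
            in_str = not in_str  # braces inside strings are not structure
        elif not in_str and ch == "{":
            depth += 1
        elif not in_str and ch == "}":
            depth -= 1
            if depth == 0:
                return text[open_idx + 1:i]
    raise ValueError("unbalanced braces")

def providers_missing_cpf_ignore(text):
    """Return the alias (or 'default') of each AWS provider lacking the keys."""
    missing = []
    for m in re.finditer(r'provider\s+"aws"\s*\{', text):
        body = block_body(text, m.end() - 1)
        alias = re.search(r'^\s*alias\s*=\s*"([^"]+)"', body, re.M)
        keys = set()
        it = re.search(r'ignore_tags\s*\{', body)
        if it:
            key_list = re.search(r'keys\s*=\s*\[([^\]]*)\]',
                                 block_body(body, it.end() - 1), re.S)
            if key_list:
                keys = set(re.findall(r'"([^"]+)"', key_list.group(1)))
        if not REQUIRED_KEYS <= keys:
            missing.append(alias.group(1) if alias else "default")
    return missing
```

Run the check over the concatenated contents of your .tf files in CI; a non-empty result lists the provider configurations that will still show cpf tag drift.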