
Deploying Changes in AWS




© 2025 Sonrai Security. All rights reserved.

Overview

Once you have reviewed your Pending Changes, it's time to deploy those changes in your AWS Org through a method of your choosing:

  • AWS console
  • Terraform
  • etc.
Tip: See below for help with drift detection & remediation through your IaC template(s)!


Deploying Your Changes

AWS Console

  1. Log in to your AWS Master/Organization Account & navigate to CloudFormation

  2. Click

  3. Upload the CloudFormation template downloaded from Sonrai's Cloud Permissions Firewall

  4. Provide the stack a name of your choosing
  5. Click , making no changes
  6. Review and create, clicking (making no further changes)
  7. Review the newly created stack & policies

Terraform

To ensure cohesion between the Cloud Permissions Firewall and Terraform, include the ignore_tags block below in each of your AWS provider configuration file(s):

ignore_tags {
  keys = ["cpf", "cpf-z"]
}

Reference: See here for more information on Terraform ignore tags.
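
A pre-deployment check for the setting above, as an added example that is not part of Sonrai's documentation: it scans Terraform source for every `provider "aws"` configuration, including aliased ones, and reports which of the `cpf` / `cpf-z` keys each one is missing from `ignore_tags`. The function names and the sample configuration are constructed for illustration; the brace matching assumes no braces inside strings or comments, and `key_prefixes` is not considered.

```python
import re

REQUIRED_KEYS = {"cpf", "cpf-z"}  # tag keys from the page's ignore_tags block
# Constructed sample: one complete provider, one partial, one with no block.
SAMPLE_TF = '''
provider "aws" {
  ignore_tags {
    keys = ["cpf", "cpf-z"]
  }
}
provider "aws" {
  alias = "west"
  ignore_tags {
    keys = ["cpf"]
  }
}
provider "aws" {
  alias = "audit"
}
'''

def _block_body(text, open_idx):
    """Return the text between the '{' at open_idx and its matching '}'."""
    depth = 0
    for i in range(open_idx, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[open_idx + 1:i]
    raise ValueError("unbalanced braces in Terraform source")

def providers_missing_ignore_tags(tf_source):
    """Map each AWS provider (by alias, or 'default') to the required keys it lacks."""
    findings = {}
    for m in re.finditer(r'provider\s+"aws"\s*\{', tf_source):
        body = _block_body(tf_source, m.end() - 1)
        alias = re.search(r'^\s*alias\s*=\s*"([^"]+)"', body, re.MULTILINE)
        keys = set()
        block = re.search(r'ignore_tags\s*\{', body)
        if block:
            inner = _block_body(body, block.end() - 1)
            listed = re.search(r'keys\s*=\s*\[([^\]]*)\]', inner)
            keys = set(re.findall(r'"([^"]+)"', listed.group(1))) if listed else set()
        missing = REQUIRED_KEYS - keys
        if missing:
            findings[alias.group(1) if alias else "default"] = sorted(missing)
    return findings

if __name__ == "__main__":
    print(providers_missing_ignore_tags(SAMPLE_TF))
```

Because `ignore_tags` is set per provider configuration, an aliased provider without the block will still plan changes against tags with these keys even when the default provider is configured correctly.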