There are several AWS configuration options that facilitate particular customer configurations, such as role-based authentication.
Configure a role-based cloud account for AWS
You can configure role-based access to AWS using the following procedure. VMware provides a helper JSON to facilitate this procedure. It is displayed when you click Create IAM Role on the AWS create cloud account page. The JSON helper includes instructions to create and configure an IAM role for VMware Aria Automation.
Note: The helper JSON helps you to configure access to basic functionality such as machine creation. If you want to run more complex tasks using ACTIONS, you must assign more permissions to the AWS role in the AWS portal.
- Create an AWS policy in the AWS portal using the helper JSON from VMware Aria Automation. You can copy the JSON snippet included in the instructions and paste it into the code area of the AWS policy editor.
- Create an AWS role in the AWS portal using the AccountId provided by VMware Aria Automation. Note the following:
  - You must create a role in the AWS portal to use with the cloud account. When you create the role, use the AccountId provided in the JSON helper instructions. On the Select Trusted Entity page in the AWS portal, select AWS account, and then click Another AWS account and paste the provided AccountId into the Account ID field.
  - When you create the role and paste in the AccountId, you must also provide an ExternalId. The ExternalId is the orgId of the environment. You can copy the value directly from the create new AWS cloud account dialog in VMware Aria Automation.
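After the role exists, its trust policy can be checked to confirm it trusts only the provided AccountId and requires the orgId as ExternalId. The following is an added example, not VMware's code or helper JSON; the account ID, orgId and policy document are constructed placeholders, and the function names are hypothetical.

```python
import json

# Constructed placeholders: use the AccountId and orgId (ExternalId) shown in
# the create new AWS cloud account dialog.
ACCOUNT_ID = "111122223333"
EXTERNAL_ID = "example-org-id"

# Constructed trust policy of the shape the AWS console writes for
# "Another AWS account" with an external ID required.
SAMPLE_TRUST_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{
   "Effect": "Allow",
   "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
   "Action": "sts:AssumeRole",
   "Condition": {"StringEquals": {"sts:ExternalId": "example-org-id"}}}]}
""")

def as_list(value):
    return value if isinstance(value, list) else [value]

def principal_account(principal):
    """Account ID from a bare 12-digit ID or an IAM ARN, else None."""
    if len(principal) == 12 and principal.isdigit():
        return principal
    parts = principal.split(":")
    return parts[4] if len(parts) >= 6 and parts[0] == "arn" and parts[2] == "iam" else None

def check_trust_policy(policy, account_id, external_id):
    """Return findings; an empty list means the role trusts only account_id
    and every AssumeRole grant requires external_id."""
    findings = []
    grants = [s for s in as_list(policy.get("Statement", []))
              if s.get("Effect") == "Allow"
              and {"sts:AssumeRole", "sts:*", "*"} & set(as_list(s.get("Action", [])))]
    if not grants:
        return ["no Allow statement grants sts:AssumeRole"]
    for i, stmt in enumerate(grants):
        principal = stmt.get("Principal", {})
        aws = as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        if not aws:
            findings.append(f"statement {i}: no AWS account principal")
        for p in aws:
            if principal_account(p) != account_id:
                findings.append(f"statement {i}: unexpected principal {p}")
        # Condition key names are case-insensitive in IAM.
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        required = [v for k, val in equals.items() if k.lower() == "sts:externalid"
                    for v in as_list(val)]
        if required != [external_id]:
            findings.append(f"statement {i}: sts:ExternalId is not pinned to the orgId")
    return findings
```

The policy document to check can be exported from the role's Trust relationships tab in the AWS portal.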