Add a Primary AWS Account

By adding a primary AWS Account, you can automatically add all the linked AWS Accounts in your organization in the VMware Aria Operations for Networks.

Prerequisites

Firewall Configuration for AWS API Access.
Create a Primary and Linked Account Policy.
Create a Role in AWS.
Create a User in AWS Account.
Get your Amazon Access Key ID that you created in the AWS console. For more details, see http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html.
Get the role Amazon Resource Names (ARN) of the linked AWS account. See, Amazon Resource Names (ARNs) and AWS Service Namespaces

If you have configured AWS API access with restricted IPs, you must whitelist the following IP address to allow communication between region specific VMware Aria Operations for Networks and AWS account:


Region	IP address
AU	3.104.98.208
CA	3.98.12.139
DE	3.70.31.146
JP	35.75.225.94
US	44.241.36.197
UK	18.168.184.20

Note: You can locate a region from the browser URL that you use to access the service. For example, in the URL https://ca.www.mgmt.cloud.vmware.com/ni, ca indicates CA (Canada) region. Similarly in the URL https://us.www.mgmt.cloud.vmware.com/ni, us indicates the US region.

Procedure

From the left navigation pane, go to Settings > Accounts and Data Sources.
Click Add Source.
Under the Public Clouds, select Amazon Web Services.

In the Add a New AWS Account or Source page, provide the required information.

Option	Action
Access Key ID	Enter your Amazon Access Key ID.
Secret Access Key	Enter the corresponding Secret Access Key. Note: VMware Aria Operations for Networks takes 15–20 minutes to collect your AWS account data.
Web Proxy (Optional)	Select a web proxy from the drop-down menu.

Click Validate.

If the number of VMs discovered exceeds the capacity of the platform, the validation fails. You will not be allowed to add a data source until you increase the brick size of the platform. The specified capacity for each brick size with and without flows is as follows:


Brick Size	VMs	State of Flows
Large	6k	Active
Large	10k	Deactivate
Medium	3k	Active
Medium	6k	Deactivate

After validation of your AWS account completes, select the Add Linked Accounts Automatically (Only for Master Account) check box.
1. In Role ARN, enter the role - Amazon Resource Names of the linked AWS account to trust the primary AWS Account.
To get deeper insight of your environment, select the Enable Flow data collection (Highly Recommended) check box.
(Optional) To enable region specific access, select the Allow access to specific AWS regions only check box.
(Optional) In the Nickname text box, enter a nickname.
(Optional) In the Notes text box, add a note if necessary.
Click Submit.

Results

VMware Aria Operations for Networks validates Role ARN and adds the account.