This Cloud Assembly use case shows the process of defining resource infrastructure and a corresponding blueprint for deployment to a VMware Cloud on AWS environment.

In this procedure, you deploy a new cloud proxy to your VMware Cloud on AWS SDDC in vCenter and then create a VMware Cloud on AWS cloud account that accesses the proxy. You also configure infrastructure that supports blueprint deployment to resources in your VMware Cloud on AWS environment.

Prerequisites

  • Before you can create and configure a VMware Cloud on AWS cloud account in Cloud Assembly, you must be part of an organization in an existing VMware Cloud on AWS SDDC environment. For information about configuring the VMware Cloud on AWS service, see VMware Cloud on AWS Documentation.

  • Before you can use a deployed cloud proxy with a VMware Cloud on AWS cloud account, you must configure management gateway firewall rules in the SDDC's VMware Cloud on AWS console to support cloud proxy communication. The rules must be in the Management Gateway firewall rules section. Create the firewall rules by using options on the Networking & Security tab in the SDDC console.
    • Limit network traffic to ESXi for HTTPS (TCP 443) services to the discovered IP address of the cloud proxy. An example entry is shown in the following screen.
    • Limit network traffic to vCenter for ICMP (All ICMP), SSO (TCP 7444), and HTTPS (TCP 443) services to the discovered IP address of the cloud proxy. An example entry is shown in the following screen.
    • Limit network traffic to the NSX-T Manager for HTTPS (TCP 443) services to the discovered IP address of the cloud proxy. An example entry is shown in the following screen.
    [Screenshot: three management firewall rules]

    An example of how to select a source machine, such as CloudProxy1, is shown below:

    [Screenshot: example of how to define a source machine named CloudProxy1]

For more information about how to configure gateway firewall rules in the SDDC's VMware Cloud on AWS console, see About VMware Cloud on AWS Networking with VMware NSX-T.

If you are using a static IP address for the cloud proxy, you can create the firewall rules that limit network traffic for the target vCenter and NSX Manager either before or after you deploy the cloud proxy.
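The following added example, which is not part of the VMware documentation, audits an exported rule list against the three management gateway rules described in the prerequisites. The rule field names, the rule names, and the address 192.0.2.10 are constructed assumptions, and source groups such as CloudProxy1 are assumed to be already resolved to IP addresses.

```python
import ipaddress

# Destination -> services the page requires, each limited to the cloud proxy IP.
REQUIRED = {
    "ESXi": {("TCP", 443)},
    "vCenter": {("ICMP", None), ("TCP", 7444), ("TCP", 443)},
    "NSX-T Manager": {("TCP", 443)},
}

# Constructed sample export; the field names are hypothetical, not an NSX format.
SAMPLE_RULES = [
    {"name": "proxy-to-esxi", "source": "192.0.2.10",
     "destination": "ESXi", "services": [["TCP", 443]]},
    {"name": "proxy-to-vcenter", "source": "192.0.2.10/32",
     "destination": "vCenter", "services": [["ICMP", None], ["TCP", 443]]},
    {"name": "proxy-to-nsx", "source": "Any",
     "destination": "NSX-T Manager", "services": [["TCP", 443]]},
]

def is_proxy_only(source, proxy):
    """True only when the source is the single cloud proxy address."""
    try:
        net = ipaddress.ip_network(source, strict=False)
    except ValueError:  # "Any", unresolved group names, malformed values
        return False
    return net.num_addresses == 1 and net.network_address == proxy

def audit_rules(rules, proxy_ip):
    """Return findings; an empty list means the rules match the page's matrix."""
    proxy = ipaddress.ip_address(proxy_ip)
    findings = []
    covered = {dest: set() for dest in REQUIRED}
    for rule in rules:
        dest = rule["destination"]
        wanted = {tuple(s) for s in rule["services"]} & REQUIRED.get(dest, set())
        if not wanted:
            continue  # rule does not concern the services listed on the page
        if is_proxy_only(rule["source"], proxy):
            covered[dest] |= wanted
        else:
            findings.append(f"{rule['name']}: source {rule['source']} "
                            f"is wider than cloud proxy {proxy}")
    for dest, needed in REQUIRED.items():
        for proto, port in sorted(needed - covered[dest], key=str):
            findings.append(f"{dest}: no proxy-only rule for {proto} {port or 'all'}")
    return findings

if __name__ == "__main__":
    for finding in audit_rules(SAMPLE_RULES, "192.0.2.10"):
        print(finding)
```

On the sample input the audit reports the NSX-T Manager rule with source Any, the missing SSO (TCP 7444) rule for vCenter, and the resulting lack of a proxy-only HTTPS rule for the NSX-T Manager.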