To configure VMware Cloud Director Object Storage Extension with AWS S3, you need a payer AWS account.

Create an Identity and Access Management (IAM) user for your AWS payer account, and use that IAM user, rather than the payer account directly, to establish the connection between AWS and VMware Cloud Director Object Storage Extension.

Assign the following permissions to the IAM user:
  • Amazon S3 Full Access
  • AWS Organizations Full Access
  • AWS IAM Full Access
  • AWS STS Full Access
  • AWS Key Management Service Power User
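
One way to check an existing IAM user against this list is sketched below. It is an added example, not code from VMware or AWS. It assumes the four AWS managed policy names shown correspond to the permissions above, and that "AWS STS Full Access" is granted through an inline policy allowing `sts:*`. The sample input is constructed.

```python
import json

# Assumed mapping of the page's permission names to AWS managed policy names.
REQUIRED_MANAGED = {
    "AmazonS3FullAccess",
    "AWSOrganizationsFullAccess",
    "IAMFullAccess",
    "AWSKeyManagementServicePowerUser",
}
STS_LABEL = "sts:* (inline policy)"  # assumption: STS is granted inline

def _as_list(value):
    return value if isinstance(value, list) else [value]

def allows_all_sts(policy_doc):
    """True if an unconditional Allow grants sts:* (or *) on all resources."""
    for stmt in _as_list(policy_doc.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or "Condition" in stmt:
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if actions & {"sts:*", "*"} and "*" in _as_list(stmt.get("Resource", [])):
            return True
    return False

def audit(attached_json, inline_docs):
    """attached_json: text output of `aws iam list-attached-user-policies`;
    inline_docs: the user's inline policy documents, already parsed."""
    attached = {p["PolicyName"] for p in json.loads(attached_json)["AttachedPolicies"]}
    missing = sorted(REQUIRED_MANAGED - attached)
    if not any(allows_all_sts(doc) for doc in inline_docs):
        missing.append(STS_LABEL)
    return {"missing": missing, "unexpected": sorted(attached - REQUIRED_MANAGED)}

# Constructed sample input, not taken from a real account.
SAMPLE_ATTACHED = json.dumps({"AttachedPolicies": [
    {"PolicyName": n, "PolicyArn": "arn:aws:iam::aws:policy/" + n}
    for n in ("AmazonS3FullAccess", "AWSOrganizationsFullAccess",
              "IAMFullAccess", "AdministratorAccess")
]})
SAMPLE_INLINE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sts:*", "Resource": "*"}]}

if __name__ == "__main__":
    print(audit(SAMPLE_ATTACHED, [SAMPLE_INLINE]))
```

The `missing` list shows permissions from this page that the user lacks, and `unexpected` shows attached managed policies beyond the ones listed here.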

To configure VMware Cloud Director Object Storage Extension with AWS S3, make sure that VMware Cloud Director Object Storage Extension has outbound access to AWS services.

Terminology Mapping

The AWS S3 terminology differs somewhat from the VMware Cloud Director Object Storage Extension terminology. The following table describes the mapping between the terms.

| VMware Cloud Director Object Storage Extension Term | AWS S3 Term | Description |
|---|---|---|
| System Administrator | AWS Payer Account | The user account used by the service provider to configure and manage the service. |
| Tenant Organization | Organization Unit | The entity that a service provider creates to consolidate user accounts and compute resources. For more information about AWS Organizations, see https://docs.aws.amazon.com/organizations/latest/userguide/orgs_introduction.html. |
| Organization User | Identity and Access Management (IAM) User | The end user that consumes services. In AWS, each organization unit contains a default account. All IAM users in the organization unit belong to the default account. |