Configure VMware Cloud Director Object Storage Extension with AWS

To configure VMware Cloud Director Object Storage Extension with AWS, you provide the region, the secret, and the access keys of your AWS payer account.

When you configure VMware Cloud Director Object Storage Extension with AWS, you establish the connection to the following AWS services:

Identity and Access Management (IAM) Service
Simple Storage Service (S3)
Security Token Service (STS)
Organization Service
(Optional) Key Management Service (KMS)

Prerequisites

Verify that you have an AWS payer account that is assigned with full privileges to the organization unit of the account.
Important: It is advised that you create an Identity and Access Management (IAM) user for your AWS payer account and use the IAM user to establish the connection between AWS and VMware Cloud Director Object Storage Extension instead.
Assign the following permission to the IAM user:
- Amazon S3 Full Access
- AWS Organizations Full Access
- AWS IAM Full Access
- AWS STS Full Access
- AWS Key Management Service Full Access
Verify that VMware Cloud Director Object Storage Extension has outbound access to AWS services.

Procedure

Open an SSH connection to the machine on which you installed VMware Cloud Director Object Storage Extension.

Configure the connection to AWS.

ose amazon set --region aws-payer-account-region --access-key account-access-key --secret-key account-secret-key

For example:

ose amazon set --region us-east-1 --access-key AKIAIOSFODNN7EXAMPLE --secret-key wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

Validate the configuration.

ose config validate

If all components are successfully configured, the system returns the following message:

+-----------------------------+-------------+-----------------+-----------+
|             Name            |   Required  |   Connectivity  |   Detail  |
+=============================+=============+=================+===========+
|           Database          |      Y      |      Normal     |           |
+-----------------------------+-------------+-----------------+-----------+
|         Certificate         |      Y      |      Normal     |           |
+-----------------------------+-------------+-----------------+-----------+
|        Cloud Director       |      Y      |      Normal     |           |
+-----------------------------+-------------+-----------------+-----------+
|        Platform - AWS       |      Y      |      Normal     |           |
+-----------------------------+-------------+-----------------+-----------+
|       AWS IAM service       |      Y      |      Normal     |           |
+-----------------------------+-------------+-----------------+-----------+
|        AWS S3 service       |      Y      |      Normal     |           |
+-----------------------------+-------------+-----------------+-----------+
|       AWS STS service       |      Y      |      Normal     |           |
+-----------------------------+-------------+-----------------+-----------+
|   AWS Organization service  |      Y      |      Normal     |           |
+-----------------------------+-------------+-----------------+-----------+

If the system returns an error, review the log file at /opt/vmware/voss/log.

Verify the status of the VMware Cloud Director Object Storage Extension service.
```
ose service show
```
If the VMware Cloud Director Object Storage Extension service runs as expected, the system returns a Running status and configuration details.
If you receive an error message, you can start the VMware Cloud Director Object Storage Extension service in debugging mode by adding the --debug argument and troubleshoot the problem.
Start VMware Cloud Director Object Storage Extension services.
```
ose service start
```
(Optional) Get configuration details.
```
ose amazon show
```
The system returns the AWS configuration details.

Results

You installed VMware Cloud Director Object Storage Extension and configured it to work with the native AWS S3 provided by VMware Cloud on AWS.