Deploying a Software-Defined Data Center is the first step for using the VMware Cloud on AWS service. After you deploy the SDDC, you can view information about it and perform management tasks.

There are several actions to be considered before deploying your SDDC.

Connected AWS Account

When you deploy your SDDC on VMware Cloud on AWS, it is created within an AWS account and a VPC dedicated to your organization and managed by VMware. You must also connect the SDDC to an AWS account belonging to you, called the customer AWS account . This connection allows your SDDC to access AWS services belonging to your customer account.

You can deploy one, two or multiple hosts on VMware Cloud on AWS.

If you are deploying a Single Host SDDC, you can delay linking your customer AWS account for up to two weeks. You cannot scale up a Single Host SDDC to a multiple host SDDC until you link an AWS account. If you are deploying a multiple host SDDC, you must link your customer AWS account when you deploy the SDDC.

AWS VPC Configuration and Availability Requirements

The VPC, subnet, and AWS account you use must meet several requirements:
  • The subnet must be in an AWS Availability Zone (AZ) where VMware Cloud on AWS is available. Start by creating a subnet in every AZ in the AWS Region where the SDDC will be created. It helps you identify all AZs where an SDDC can be deployed and select the one that best meets your SDDC placement needs, whether you want to keep your VMC workloads close to or isolated from your AWS workloads running in a particular AZ. See Creating a Subnet in Your VPC in the AWS documentation for information about how to use the Amazon VPC console to create a subnet in your VPC.
  • The subnet must exist in the connected AWS account. It cannot be one owned by and shared from another account.
  • The AWS account being linked must have sufficient capacity to create a minimum of 17 ENIs per SDDC in each region where an SDDC is deployed. Although you cannot provision more than 16 hosts in a cluster, SDDC operations including planned maintenance and Elastic DRS can require us to temporarily add as many as 16 more hosts, so we recommend using an AWS that has sufficient capacity for 32 ENIs per SDDC per region.
  • We recommend dedicating a /26 CIDR block to each SDDC and not using that subnet for any other AWS services or EC2 instances. Because some of the IP addresses in this block are reserved for internal use, a /26 CIDR block is the smallest subnet that can accommodate SDDC IP address requirements.
  • By default, AWS services or instances that communicate with the SDDC must be on VPC subnets associated with the main route table of the connected VPC. To use a custom route table, enable AWS Managed Prefix List Mode. See Enable AWS Managed Prefix List Mode for more information. By default, AWS limits the size of the main route table to 50 routes. Because the main route table must accommodate an entry for each routed SDDC network segment as well as the management network CIDR and any additional routes you create directly in your AWS account, the default limit might not be adequate for your SDDC networks, especially if you connect more than one SDDC to the VPC. You can request a route table size increase as described in Amazon VPC quotas.
  • If necessary, you can link multiple SDDCs to a VPC if the VPC subnet used for ENI connectivity has a large enough CIDR block to accommodate them. Because all SDDCs in a VPC use the same main route table, make sure that network segments in those SDDCs do not overlap with each other or the VPC's primary CIDR block. Workload VMs on routed SDDC networks can communicate with all subnets in the VPC's primary CIDR block, but are unaware of other CIDR blocks that might exist in the VPC.

AWS Elastic IP Requirements

Every SDDC consumes at least 4 AWS Elastic IP (EIP) addresses that are not displayed on the VMware Cloud Console. These EIPs are required for core SDDC operations. Charges for them are listed in the VMware on AWS Pricing document under Additional charges not included. EIPs are billed per-hour. EIP address remaps, typically initiated by vMotion or a failover event on the edge gateway, are free of charge for the first 100 events. Here's a summary of how these core EIPs are used in a new SDDC:
Table 1. Core EIP Usage
Usage Description
Management Provides VMware support with access to your SDDC.
Management Gateway (MGW) SNAT Provides the SNAT address for traffic egressing the MGW to the Internet.
Compute Gateway (CGW) SNAT Provides the default SNAT address for traffic egressing the CGW to the Internet.
vCenter Public IP Provides the IP address used for vCenter when the vCenter FQDN is set to Public IP. See Set vCenter Server FQDN Resolution Address. This EIP is always consumed, even if you set the vCenter FQDN to Private IP.

Single Host SDDC starter Configuration for VMware Cloud on AWS

You can jump start your VMware Cloud on AWS experience with a Single Host SDDC starter configuration. This is a time-limited offering designed for you to prove the value of VMware Cloud on AWS in your environment. The service life of a Single Host environment is limited to 60 days. At any point during the service life of a Single Host SDDC, you can scale it up to a production configuration with two or more hosts with no loss of data. If you do not scale up the Single Host SDDC before the end of the service life, the SDDC is deleted along with all the workloads and data it contains.

Stretched Clusters for VMware Cloud on AWS

You can create an SDDC with a cluster that spans two availability zones. A stretched cluster uses vSAN technology to provide a single datastore for the SDDC and replicate the data across both availability zones. If service in one availability zone is disrupted, workload VMs in the SDDC are brought up in the other availability zone.

The following restrictions apply to stretched clusters:

  • The linked VPC must have two subnets, one in each AZ occupied by the cluster.
  • A given SDDC can contain either standard (single availability zone) clusters or stretched clusters, but not a mix of both.
  • You cannot convert a stretched cluster to a standard cluster or convert a standard cluster to a stretched cluster.
  • You need a minimum of two hosts (one in each AZ) to create a stretched cluster. Hosts must be added in pairs.

You can find more information about stretched clusters in the VMware Cloud Tech Zone article VMware Cloud on AWS: Stretched Clusters. For limitations that affect all stretched clusters, see VMware Configuration Maximums. Additionally, large-sized SDDC appliances are not supported with two-host stretched clusters.

Connecting to the SDDC and Configuring SDDC Networks

Before you can migrate your workload VMs and manage them in VMware Cloud on AWS , you must connect your on-premises data center to your SDDC. You can use the public Internet, AWS Direct Connect, or both for this connection. You must also set up one or more Virtual Private Networks (VPNs) to secure network traffic to and from your SDDC, and configure SDDC networking and security features like firewall rules, DNS, and DHCP. The VMware Cloud on AWS Networking and Security guide has more information about how to do that.

Custom Core Counts

When you deploy your initial SDDC, all host CPUs in the initial SDDC cluster are enabled. You cannot deactivate any host CPUs in the initial SDDC cluster. However, if you deploy additional clusters, you can choose to deactivate some of the host CPUs in the cluster, which can help save on licensing costs for software that is licensed on a per-CPU basis. If you want to take advantage of this feature, plan the size of your initial cluster and subsequent clusters accordingly.

Credit Card Payments

If you choose to use a credit card to pay for your VMware Cloud on AWS SDDC, rather than SPP credits or another method, you might incur a one-time $2000 pre-charge the first time you deploy an SDDC. Any SDDC usage in your first 60 days will be charged against this pre-charged amount. If you delete your initial SDDC before using up the $2000, any remaining amount is not refunded, but the usage for any other SDDCs you deploy counts towards this amount. Usage beyond this amount will be charged to your credit card. If you reach the end of the 60 days without consuming the full $2000 pre-charge, you forfeit any remainder. This pre-charge amount can only be used for VMware Cloud on AWS, and not other VMware Cloud services.

The implementation of the upfront $2000 pre-charge is part of VMware's fraud-prevention policy. This pre-charge is waived at VMware's discretion based on the your current level of engagement with VMware. You will learn of the waiver when you are about to deploy your first SDDC.

By default, credit cards can't be used as the payment method for purchasing subscriptions. If you need to use a credit card to purchase a subscription, open a support ticket, and VMware will assist you with the purchase.


Starting with SDDCs at version 1.24 or later, you can choose between vSAN Express Storage Architecture (vSAN ESA) or vSAN Original Storage Architecture (vSAN OSA). vSAN ESA leverages the characteristics of newer hardware to deliver improved capabilities and performance. For more information on vSAN ESA, see

Currently, the following restrictions apply to vSAN ESA in VMware Cloud on AWS:
  • vSAN ESA is available for clusters using i4i hosts only.
  • vSAN ESA is not supported with stretched clusters.
  • vSAN ESA is not supported with 2-host clusters.
  • After you have deployed a cluster, you cannot convert from vSAN ESA to vSAN OSA or vice versa.