The AWS CLI needs to be run from the same directory in which you save the files.

Procedure

  1. Create the VM Import Service Role.

    Use the following commands to create a role named vmimport with the required permissions.

    aws iam create-role --role-name vmimport --assume-role-policy-document file://vmimport-role-trust.json 
    
    aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document file://vmimport-role-policy.json 
    
    aws iam put-role-policy --role-name vmimport --policy-name AviController-vmimport-KMS-Policy --policy-document file://avicontroller-kms-vmimport.json 
    Note:

    The AWS put-role-policy command creates an inline policy in the role (as opposed to an attached policy).

  2. Create the required policies for the NSX Advanced Load Balancer Controller role.

    AviController-Refined-Role is the role that will be attached to the Controller via the instance profile. Run the following commands:

    aws iam create-role --role-name AviController-Refined-Role --assume-role-policy-document file://avicontroller-role-trust.json 
    
    aws iam create-policy --policy-name AviController-EC2-Policy --policy-document file://avicontroller-ec2-policy.json 
    
    aws iam create-policy --policy-name AviController-S3-Policy --policy-document file://avicontroller-s3-policy.json 
    
    aws iam create-policy --policy-name AviController-IAM-Policy --policy-document file://avicontroller-iam-policy.json 
    
    aws iam create-policy --policy-name AviController-R53-Policy --policy-document file://avicontroller-r53-policy.json 
    
    aws iam create-policy --policy-name AviController-ASG-Policy --policy-document file://avicontroller-asg-policy.json 
    
    aws iam create-policy --policy-name AviController-SQS-SNS-Policy --policy-document file://avicontroller-sqs-sns-policy.json 
    
    aws iam create-policy --policy-name AviController-KMS-Policy --policy-document file://avicontroller-kms-policy.json 
    Note:

    Attach the following optional policies for AWS DNS service and the SNS-SQS feature as required:

    • AviController-R53-Policy

    • AviController-AutoScalingGroup-Policy

    • AviController-SQS-SNS-Policy

    • AviController-KMS-Policy

  3. Attach policies to the NSX Advanced Load Balancer Controller role.

    Once the policies (AviController-EC2-Policy, AviController-R53-Policy, AviController-IAM-Policy, and so on) are created (in Step 2), attach them to the AviController-Refined-Role.

    aws iam attach-role-policy --role-name AviController-Refined-Role --policy-arn "arn:aws:iam::123456789012:policy/AviController-EC2-Policy"

    aws iam attach-role-policy --role-name AviController-Refined-Role --policy-arn "arn:aws:iam::123456789012:policy/AviController-R53-Policy"

    aws iam attach-role-policy --role-name AviController-Refined-Role --policy-arn "arn:aws:iam::123456789012:policy/AviController-ASG-Policy"

    aws iam attach-role-policy --role-name AviController-Refined-Role --policy-arn "arn:aws:iam::123456789012:policy/AviController-SQS-SNS-Policy"

    aws iam attach-role-policy --role-name AviController-Refined-Role --policy-arn "arn:aws:iam::123456789012:policy/AviController-ASG-Notification"

    aws iam attach-role-policy --role-name AviController-Refined-Role --policy-arn "arn:aws:iam::123456789012:policy/AviController-KMS-Policy"
    Note:

    Make sure to replace 123456789012 with the applicable AWS account ID.

  4. Create an instance profile and apply this instance profile to the EC2 role.

    aws iam create-role --role-name AviController-Refined-Role --assume-role-policy-document file://avicontroller-role-trust.json

    aws iam create-instance-profile --instance-profile-name AviController-Refined-Role

    aws iam add-role-to-instance-profile --instance-profile-name AviController-Refined-Role --role-name AviController-Refined-Role
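
Added example (not from the vendor documentation): a POSIX shell wrapper for Step 3 that builds each policy ARN from the account ID returned by `aws sts get-caller-identity`, refuses the placeholder 123456789012, and confirms the attachments with `aws iam list-attached-role-policies`. The function names are hypothetical; the policy list is copied from the Step 3 commands.

```shell
#!/bin/sh
# Added example, not vendor code. Attaches the Step 3 policies using the
# caller's own account ID, then verifies the result.
ROLE="AviController-Refined-Role"
# Policy names exactly as listed in Step 3; trim to the ones you created.
POLICIES="AviController-EC2-Policy AviController-R53-Policy AviController-ASG-Policy AviController-SQS-SNS-Policy AviController-ASG-Notification AviController-KMS-Policy"

# An AWS account ID is 12 digits; refuse the documentation placeholder.
valid_account_id() {
  case "$1" in
    ''|*[!0-9]*|123456789012) return 1 ;;
  esac
  [ "${#1}" -eq 12 ]
}

policy_arn() {  # usage: policy_arn ACCOUNT_ID POLICY_NAME
  valid_account_id "$1" || { echo "bad account ID: '$1'" >&2; return 1; }
  printf 'arn:aws:iam::%s:policy/%s\n' "$1" "$2"
}

# Print the attach commands for review without touching AWS.
render_attach_commands() {
  for p in $POLICIES; do
    arn=$(policy_arn "$1" "$p") || return 1
    printf 'aws iam attach-role-policy --role-name %s --policy-arn "%s"\n' "$ROLE" "$arn"
  done
}

# Attach for real, then confirm every expected policy is on the role.
apply_and_verify() {
  acct=$(aws sts get-caller-identity --query Account --output text) || return 1
  valid_account_id "$acct" || return 1
  for p in $POLICIES; do
    aws iam attach-role-policy --role-name "$ROLE" \
      --policy-arn "$(policy_arn "$acct" "$p")" || return 1
  done
  attached=$(aws iam list-attached-role-policies --role-name "$ROLE" \
    --query 'AttachedPolicies[].PolicyName' --output text) || return 1
  for p in $POLICIES; do
    case " $(echo $attached) " in
      *" $p "*) ;;
      *) echo "not attached: $p" >&2; return 1 ;;
    esac
  done
}

case "${1:-}" in
  --apply) apply_and_verify ;;
  ?*) render_attach_commands "$1" ;;
esac
```

Run it with an account ID to print the commands for review, or with `--apply` to attach the policies and verify them against the role.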