The AWS CLI needs to be run from the same directory in which you save the files.
Procedure
- Create the VM Import Service Role.
Use the following commands to create a role name
vmimport
with the required permission.aws iam create-role --role-name vmimport --assume-role-policy-document file://vmimport-role-trust.json aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document file://vmimport-role-policy.json aws iam put-role-policy --role-name vmimport --policy-name AviController-vmimport-KMS-Policy --policy-document file://avicontroller-kms-vmimport.json
Note:The AWS put-role-policy command creates an inline policy in the role (as opposed to an attached policy).
- Create the required policies for the NSX Advanced Load Balancer Controller role.
AviController-Refined-Role
is the role which will be attached to the Controller via the instance profile. Follow the below commands:aws iam create-role --role-name AviController-Refined-Role --assume-role-policy-document file://avicontroller-role-trust.json aws iam create-policy --policy-name AviController-EC2-Policy --policy-document file://avicontroller-ec2-policy.json aws iam create-policy --policy-name AviController-S3-Policy --policy-document file://avicontroller-s3-policy.json aws iam create-policy --policy-name AviController-IAM-Policy --policy-document file://avicontroller-iam-policy.json aws iam create-policy --policy-name AviController-R53-Policy --policy-document file://avicontroller-r53-policy.json aws iam create-policy --policy-name AviController-ASG-Policy --policy-document file://avicontroller-asg-policy.json aws iam create-policy --policy-name AviController-SQS-SNS-Policy --policy-document file://avicontroller-sqs-sns-policy.json aws iam create-policy --policy-name AviController-KMS-Policy --policy-document file://avicontroller-kms-policy.json
Note:Attach the following optional policies for AWS DNS service and the SNS-SQS feature as required:
AviController-R53-Policy
AviController-AutoScalingGroup-Policy
AviController-SQS-SNS-Policy
AviController-KMS-Policy
- Attach policies to the NSX Advanced Load Balancer Controller role.
Once the policies (
AviController-EC2-Policy
,AviController-R53-Policy
,AviController-IAM-Policy
, and so on.) are created (in Step 2), attach them to theAviController-Refined-Role
.aws iam attach-role-policy --role-name AviController-Refined-Role --policy-arn "arn:aws:iam::123456789012:policy/AviController-EC2-Policy" aws iam attach-role-policy --role-name AviController-Refined-Role --policy-arn "arn:aws:iam::123456789012:policy/AviController-R53-Policy" aws iam attach-role-policy --role-name AviController-Refined-Role --policy-arn "arn:aws:iam::123456789012:policy/AviController-ASG-Policy" aws iam attach-role-policy --role-name AviController-Refined-Role --policy-arn "arn:aws:iam::123456789012:policy/AviController-SQS-SNS-Policy" aws iam attach-role-policy --role-name AviController-Refined-Role --policy-arn "arn:aws:iam::123456789012:policy/AviController-ASG-Notification" aws iam attach-role-policy --role-name AviController-Refined-Role --policy-arn "arn:aws:iam::123456789012:policy/AviController-KMS-Policy"
Note:Make sure to replace 123456789012 with the applicable AWS account ID.
- Create an instance profile and apply this instance profile to the EC2 role.
aws iam create-role --role-name AviController-Refined-Role --assume-role-policy-document file://avicontroller-role-trust.json aws iam create-instance-profile --instance-profile-name AviController-Refined-Role aws iam add-role-to-instance-profile --instance-profile-name AviController-Refined-Role --role-name AviController-Refined-Rol aws iam create-policy --policy-name AviController-EC2-Policy --policy-document file://avicontroller-ec2-policy.json aws iam create-policy --policy-name AviController-S3-Policy --policy-document file://avicontroller-s3-policy.json aws iam create-policy --policy-name AviController-IAM-Policy --policy-document file://avicontroller-iam-policy.json aws iam create-policy --policy-name AviController-R53-Policy --policy-document file://avicontroller-r53-policy.json aws iam create-policy --policy-name AviController-ASG-Policy --policy-document file://avicontroller-asg-policy.json aws iam create-policy --policy-name AviController-SQS-SNS-Policy --policy-document file://avicontroller-sqs-sns-policy.json aws iam create-policy --policy-name AviController-KMS-Policy --policy-document file://avicontroller-kms-policy.json